Why Is 'Pay the Ransom' In Next Year's Budget?
This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Les McCollum, managing VP, CISO, ICMA-RC. All three of us discussed:
Are you taking into account all variables when considering whether to pay the ransom? With a whopping 25 percent of all ransomware victims paying the ransom, paying the ransom has become part of the security plan. But does doing that actually accomplish anything? Ransomware is not just encrypting your data; it's also data theft and public exposure. Have you calculated what the reputational risk of paying the ransom will cost? Also, after you've paid, you're a known entity that will pay. You will be a target to get hit again and again. Most companies upgrade their security programs after an attack. Do you know how much you'll be spending on that?
How do you create a culturally sane group that's diverse? I always hear forward-thinking managers claim they want "culture fit" and "diversity". But the two often seem diametrically opposed. Culture fit speaks to monoculture, which is far from diversity. It's really a situation of 'value fit', not 'culture fit'.
We have unconscious bias, accept it. We all live with unconscious bias, and we often don't express it maliciously. Accepting that it's real, and that we ALL have it in various forms, is key. When it's pointed out, don't shame the person for having it, and the person who has it shouldn't feel shame for expressing the unconscious bias. Just know you did it, try to improve, and move on.
You can't plan for every budget instance, but you can prioritize. A lot will change in a year, and it's hard to plan your budget accordingly. But it's very important to understand the priority of each request or each demand. If you have a clear understanding of that and your risk register, then you'll be able to budget accordingly.
Click to listen: https://cisoseries.com/why-is-pay-the-ransom-in-next-years-budget/
Tags 🏷
#cybersecurity #cso #ciso #infosec #hacker #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #databreach #pentesting #cloudsecurity #cyberwar #datasecurity #hacking #cloud #phishing #securitymanagement #infosec #ransomware #datasecurity #encryption #cisoseries
