Vito Nozza

The Current State of Ransomware

Many cyberattacks involve ransomware, a form of malicious software or malware, designed to deny access to a computer system or data until a ransom is paid and a decryption key (commonly called a decryptor) is given to the victim. The encryption is virtually unbreakable without the decryption key, and you should not spend valuable time seeking a way around the encryption if you are attacked with it. Ransomware can spread in multiple ways, but most typically, through phishing emails or by unknowingly visiting an infected website. Ransomware can be catastrophic to healthcare (along with many other industries), preventing critical information and systems for patient care from being accessed, for example.

There are good reasons most large enterprises worldwide are quickly adopting the cloud for everything from sales contracts and product specs to videos and overall business operations. The cloud offers flexible, scalable, and cost-effective computing that cuts down IT costs, consolidates data centers, accelerates growth and enables digital transformation. Migration to the cloud has accelerated in the post-pandemic hybrid work world and more recently as companies battle inflation and rising real estate costs.

Global cyberattacks are becoming more widespread. The onslaught of online assaults we’ve seen five months into the year has made putting adequate measures in place to keep organization's critical information secure that much more critical. Harvard Business Review has stated that the "conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced." Accelerated cyberattacks are already underway directed at Ukraine and may expand to nation-states providing support to Ukraine, including the United States.

With the record number of cyberattacks making national news, cybersecurity is top-of-mind for many business executives—but an effective cybersecurity strategy involves more than just awareness of possible threats. It’s important that your organization is prepared for the inevitability of facing cyberthreats.

I’ve been known to use quotes to inspire or strengthen my message, so here goes: “The sky is falling, the sky is falling” (The Remarkable Story of Chicken Little, 1840). Believe it or not, this Chicken Little quote has significance to businesses: If you are not ready for incidents, individuals will go into a panic and act like the sky is falling. Preventing this is the main focus of an incident response plan (IRP), which takes control of events that could cause catastrophic harm to your organization in advance so that you do not panic when they actually occur.

Disasters. They can mean different things to different companies. One company might be scrambling without any sense of direction during a malware attack; another company might be as cool as a cucumber. The difference is having a plan in place and the right personnel to help fulfill it. Franz Kafka, a major figure in 20th-century literature, stated, “Better to have and not need than to need and not have.”

Oscar Wilde once stated, “To expect the unexpected shows a thoroughly modern intellect.” In continuing our look into being prepared during Cybersecurity Awareness Month, our second installment will focus on business continuity, what it entails, and the ongoing process to ensure it doesn’t become a "set it and forget it.”

October is Cybersecurity Awareness Month, but it’s about more than just awareness. It’s important that your organization is prepared for the inevitability of facing cyberthreats.

There is an old saying that states, “Take care of your house and let others worry about theirs.” This might be valid in the pre-internet world, but with so many dependencies and relationships that have been created between partners and third-party suppliers, the “trust but verify” motto has become commonplace—or has it? Companies are only as strong as their weakest links. Creating a strong cybersecurity program internally is not enough, as the program should include all aspects of business in which data is vulnerable.

As today is Data Privacy Day, it is only fitting that we discuss your data and understand the rights you have when sharing that information. How many of you have used Google? Apple? Facebook? Amazon? Within the last day? Did you know what you were agreeing to when you quickly scrolled down to the accept their terms of service boxes? How about when you accept the numerous cookies that pop up on seemingly every website that you visit? Do you know what these “accept” actions have given companies permission to do?