How to Build a Cyber-Aware Organization

While the increased risk of cyber-attacks, further fueled by the pandemic, is in the news daily, too many organizations continue to lag in their planning and preparedness. There are countless stories of entities across the business and societal landscape, from big corporations to hospitals to schools, navigating data breaches and other forms of cyber-attacks that put their organizations, employees and stakeholders at risk. Cybercriminals are always looking for their next target and their tactics are continually evolving. The question is how to keep one step ahead or, at the very least, to keep pace with best practices?

Ransomware is currently headline news and rightly so. Technology professionals around the globe have observed recent spikes in this form of cybercrime with alarm. The sheer volume of ransomware attacks in the first six months of 2021 is said to have eclipsed the 12-month total for 2020 and show little sign of slowing.

There is an old saying that states, “Take care of your house and let others worry about theirs.” This might be valid in the pre-internet world, but with so many dependencies and relationships that have been created between partners and third-party suppliers, the “trust but verify” motto has become commonplace—or has it? Companies are only as strong as their weakest links. Creating a strong cybersecurity program internally is not enough, as the program should include all aspects of business in which data is vulnerable.

I can remember the moment clearly: I was in an early-morning meeting with several of my employees. Several minutes into the meeting, my mobile phone came to life with notifications and a call. Shortly after answering, there was a knock at the door. Almost instantly, I did not feel so well; I knew this couldn’t be good. As if it were rehearsed for stereo effect, I heard the words no one ever wants to hear: “I think we’ve been hacked.” My first response was, “Not possible!” Turns out, it was very possible and very much a reality. To be fully transparent, I thought my life and professional career were over in that moment; 25 years down the drain just like that! I took the cyberattack very personal.

As an Executive Director at one of the largest school districts in my state, I had officially become the next victim of ransomware.

In part one and part two of this blog series, we shared fourteen cybersecurity tips to prepare your organization for 2021. This blog post includes seven final tips to keep your organization safe in 2021.

In the previous installment of this blog series, we shared seven cybersecurity tips to prepare your organization for 2021. This blog post includes seven more tips to help protect your organization from cyber-attacks.

2020 has been a groundbreaking year on many fronts. Unfortunately, the majority of them have not been good ones. On October 28, 2020, the FBI, HHS, and CISA jointly reported on an imminent threat to healthcare organizations (the Health and Public Health Sector) surrounding the Ryuk variant of ransomware and other malware most recently seen accompanying it. “We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, Chief Technical Officer of the cybersecurity firm Mandiant, in a statement.

The Healthcare sector (often known as Healthcare and Public Health, or HPH) is currently under an all-out cyber-attack, again focused on hospitals and ransomware gangs of cybercriminals.