Ransomware attacks keep increasing in volume and impact largely due to organizations’ weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations.
According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 months. Cybersecurity leaders’ sentiment is somewhere on the spectrum between “top-of-mind” and “this gives me serious migraines.”
As ransomware is still the preferred way for actors to monetize their access, there’s a dire need to understand organizational levels of preparedness, and to identify and remediate gaps before an attacker can exploit them.
Lean cybersecurity teams can quickly gauge their ransomware readiness by following the NIST CSF, asking themselves, “Do we have something like this in place?” for each of the core functions: “Identify,” “Protect,” “Detect,” “Respond,” and “Recover”:
Asset management is the process of knowing what your organization’s critical assets are, where they’re located, who owns them, and who has access to them. Data needs to be classified so that access may be governed, and the company benefits from ensuring the integrity of the data. An organization only needs to protect the confidentiality of some of its data based on its classification. Controls that ensure the utility and authenticity of data bring an organization real value.