As you’ve seen on my Interests & Hobbies page, not only am I into IT and Information Security, but I’m also interested in cryptocurrencies. Throughout the past couple of years Ransomware has really started to come into the mainstream, and with that rise one of the emerging trends here at the end of 2017 is the wholesale buying of cryptocurrencies by corporations in preparation for an eventual incident. McAfee sees an evolution in the nature and application of ransomware that is only going to increase in 2018.
The Security-minded side of me is of course disdainful of the whole Ransomware practice and what it all entails, and nothing justifies the actions of the malicious actors. The cryptocurrency lover in me though does appreciate the speculative returns that the increased volume brings to the market.
As a security leader I think every one of us must be prepared in advance for that moment in time when a Ransomware incident occurs. Not if, but when. How will we approach it, what will we do? What is our frame of mind? To sit on the sidelines and not have a plan these days is unacceptable. More importantly, we must be thinking more proactively about not so much how will we respond, but rather what are we doing in advance of an incident to either eliminate or strongly mitigate the risk? What practices like encrypted out-of-band backups, two factor authentication, employee aniti-phishing education programs etc are we putting in place to lessen the damage and decrease the time to restore operations when something happens.
With a week left in the year it’s never too late to start thinking about your professional New Year’s Resolution and how you are going to take your organization to the next level in the coming year. On the last business day before the holiday, I wish you all a Merry Christmas.