There is a saying that goes “A fish rots from the head down” – get your senior board members up to speed on the threat landscape including cyber. They have invaluable strategic skills, which combined with the next steps will place an organisation on the front foot instead of the back one. From IIRSM Specialist Advisor, Mike Gillespie.
Ensure training is relevant and regular. The threat landscape changes fast, as the last few days have demonstrated. Make sure all staff, including senior management, are thoroughly trained and enabled to question emails, files or activities they feel are counter to organisational security.
Make sure there is a policy in place that covers behaviours such as surfing inappropriate websites (where malware is often deposited for drive-by infection) and for ransomware, so staff know exactly what is expected of them. Technology is a great supplemental support to human interaction when it comes to virus scanning and network monitoring, but don’t rely on it 100 percent. There is no magic button and security is achieved by cultural establishment.
If you have any device, component or system that is web enabled or networked, make sure it is part of IT change management, getting patches and updates on relevant systems and equipment and making risk-based decisions about keeping any systems with outdated operating systems. Let us not forget that the vast majority of these successful ransomware attacks are only made possible as a result of human activity.
Ransomware is not a cyber ‘attack’; it is an active and offensive head-on assault on our defences. It is the dangling of a poisonous and indiscriminate bait that staff then take and bring into our organisations, thus facilitating this destruction. Almost all of the organisations affected will find, when they do their incident investigation thoroughly, that one of their staff has downloaded unauthorised software, or clicked on a phishing email or attached an infected USB device to their network. Without this human intervention, very little malware has any potency.