What ho, readers?
What does a tech guy with literature and history degrees do? Write about things like this and allude to "Hamlet."
Oh, and also a ransomware incident at one of the world's largest manufacturers of hearing aids.
Again: we've got to be right every time, they only have to get lucky once.
But, to step up on my soapbox: until organizations are willing to invest in their infrastructure security before a ransomware attack or breach, it's just going to keep happening.
When your IT team comes to you and asks if there's money for a broader and deeper security portfolio that includes both perimeter and interior visibility and protection from attacks, say yes.
When they want to invest in expensive analytical tools like SIEM, say yes.
When your teams grumble about silos keeping them in the dark, do whatever it takes to enable free and open communications and projects. Part of a solid security posture is resiliency; do you have a solid DR plan in place not just for natural disasters but man-made ones?
When your applications teams fret about any potential outages, real or perceived, if and when they implement these new tools, simply point to the cost of a breach and ask which is worse.
Security and networking projects, like any other major project (IT or otherwise), are complex and carry risk in the short term (minor outages) that will pay off in the long term (preventing 7-9-figure losses from breaches and ransomware attacks).
Security should be a board-level concern, with fiscal and human resources directed toward it.
OK, off the soapbox. Have a great day, all!
The company expects the incident to have a long-lasting effect on its bottom line, proving again why businesses can't ignore their cyber-security posture anymore.