Ransomware – Who is responsible?

Look in the mirror

85 percent of computer and network breaches involved a human element, according to Verizon’s “2021 Data Breach Investigations Report,” while over 80 percent of breaches were discovered by external parties. That is good news. Does that mean if each one of us could modify our behavior, then perhaps this ransomware and breach problem might go away?

Well… Everyone works under some kind of deadline pressure. And if you are like me, you tend to procrastinate. To meet that impending deadline, we have to work quickly. So, when that application or operating system security update pops up, we push it away. Or the I.T. department applies the update, and of course that is the day our assignment, proposal, paper, or whatever is due for presentation or submission. If you work remotely, that is when you notice that your organization’s system is crawling along slowly or the company network is unavailable. You have already forgotten about or dismissed that warning you received about updating your home or office workstation to the latest security patch. Or your antivirus program, which has been interrupting you for days, does it again. And that is when a “Digital Pearl Harbor” is most likely to occur.

Our I.T. computer people and the information technology industry can’t fix this. Together with the leadership, we can.

There is no silver bullet or firewall that the computer/network security industry can set up to protect you or your organization from yourselves. Again, 85% of the problem is a behavior issue.

When was the last time your immediate supervisor asked whether you saw that operating system security update or antivirus update? When did your boss take an interest in that phishing training offered over lunch or online? Never? Well, there you go. Unless your entire organization takes the appropriate amount of interest based on its risk management processes, what can you hope to do to fix this? Or, if you work for yourself at home or remotely for your company, when was the last time you made sure your computer operating system was updated, or that the internal operating systems of your cable modem and home router were updated?

Unless or until information security becomes a priority for society, including organizations and individuals, we are heading for a serious setback to our way of life, or even to life itself.

Here is where the reader will expect me to come up with a frightening scenario. I will not waste my time. Suffice it to say that unless we use fundamental risk management processes, we will simply lose – and lose big – even lose life itself. Lose to nation-states, terrorists, and criminals (sometimes sponsored by nation-states or terror organizations).

Here is how to begin to take cyber information security seriously

Start with the National Institute of Standards and Technology (NIST) “Generally Accepted Principles and Practices for Securing Information Technology Systems”. NIST has been a government agency since 1901. This means that when one sees wording in lawsuits and insurance documents similar to “Generally Accepted Principles and Practices” or “Industry Standards”, it refers to NIST or to other industry or business conventions.

From there, it will be easy to understand what you and/or your organization need to do, and how to begin the process of preventing a Digital Pearl Harbor that would impact you and even society as a whole.
