Hi All
How are IT Managers affected by Ransomware?
https://www.itproportal.com/news/ransomware-is-taking-its-toll-on-it-staff-confidence/
Do they lose confidence, and is security awareness the answer as this article suggests?
Regards
Caute_cautim
@Caute_cautim wrote:
Do they lose confidence, and is security awareness the answer as this article suggests?
Here's the link to the report referenced in the article: Cybersecurity: The Human Challenge
The percentages they are comparing are 17% confident before and 6% after the attack. The before percentage is rather low to begin with. Albert Einstein comes to mind here, "The more I know, the less I understand". It makes sense after having first-hand knowledge/experience in recovering from any threat that there is a lot we don't know. And that's okay, we shouldn't expect ourselves to know everything about the many facets of Cybersecurity.
I think the answer here is to try and spend an equal amount of time and attention to each category: Identify, Protect, Detect, Respond, Recover. My confidence would go down as well if I spent a disproportionate amount of time in the Protect category.
My personal opinion is that some may lose confidence but others will become "annoyed" that folks are not following set protocols or trainings.
Security Awareness training does help but unfortunately the "bad guys" come up with more and more enticing titles or topics or more realistic subject lines.
As security folk, we try to advise folks to be careful but when an accounts payable clerk receives what they believe is an invoice from a valid supplier, it becomes impossible to stop.
I believe the key is to educate Sr. Management and ensure that good backups are in place, etc.
my nickel
d
It is a good Nickel and good thoughts too: My perspective as we in New Zealand work our way towards 1st December 2020 and the new Privacy Act 2020, is some people will be surprised, others will be prepared and doing well educating their staff.
Others just cannot be bothered; they want to follow the human pain syndrome: it has to hurt and have an impact before anyone bothers doing this.
Yes, I agree Senior Management need to take responsibility - but this echoes another discussion, that of changing the entire culture and philosophy of an organisation from the top down and throughout the organisation. How many organisations have this level of commitment or have sustained major costs and impact and potentially losses, in brand, reputation before they think there must be a better way of doing things?
Regards
Caute_cautim
Is this something exclusive to ransomware? If you've ever lost a RAID5 array and could not regain the data, you'll definitely consider RAID6 or 10.
If your backups aren't segmented, you'll probably do that next time.
If your company won't pay for security awareness training, budget in a WAF or EDR.
Eric,
You make a good point. Working in IT is not for the faint of heart. There are many pitfalls and holes that we can fall into. Some worse than others (at least at that moment).
In your cases, tech plays a large role, in the case of Ransomware, humans play the major role. It is like our cars, we cannot control when we go out and it will not start, we can only grin and say, I guess I should have done x, y or z and move on. In many organizations, there will be the hunt for the guilty, even though no one is to blame for a tech failure.
However, with Ransomware, we try to educate folks, we have them sign that they took the trainings, we remind them, we show them articles that discuss the topic, etc., and yet daily companies get caught by the latest round of ransomware or the latest virus. In this case, we can hunt for the guilty and we will find someone.
As I previously stated, working anywhere in IT is not for the faint of heart and many, many will fall by the wayside as they cannot or do not want to cope with the stress levels. But having said that, MANY professions have their own stress points that some of us simply could not tolerate or even fathom living through. I, for one, could never be a doctor...
So yes Eric you are correct, Ransomware is not the only stressor but it does make for a decent article.
again my nickel (Canadians don't have pennies)
d
@dcontesti This as usual smacks of someone to blame - but in fact it can be a cultural failure within the organisation in terms of not recognising it is a collective failure, not one orchestrated by an individual.
This means the maturity level of the organisation needs to grow, evolve and mature as everyone is in the same game - trying to survive at the present time.
The pressure is on, but we have to strategically stop, breathe, think what can we do better, how can many of the greater innovations assist us, or can we re-use what we currently have and apply new techniques.
We simply have to stop using traditional methods, they are very quickly breaking down and use different approaches which bring about the best in people - hence the reason organisations are selecting new people with different brain perspectives, which previously denied them access to employment. Now we want them for their different perspectives, visions, no matter how apparently wacky they may appear.
Go forward with Design Thinking, Agile but let it evolve into Garage and different ways of thinking.
Regards
Caute_cautim