An unprecedented cyber-attack by a ransomware variant known as WannaCry, which encrypts a computer’s files and then demands payment to unlock them, has propagated at a speed never before seen by cybersecurity researchers and is impacting targets worldwide. So far it has taken a major toll on operational services at targets including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US, with European countries, including Russia, being among the worst hit.
If you haven’t already, then at some point you’ll need to have “the talk” with the business.
Introducing cyber security risk management to non-technical executives can be difficult, awkward and excruciatingly tiring. Unfortunately… the number one and arguably most important thing missing from most corporate cyber security risk management programs is senior leadership’s approval.
In light of the countless cyber incidents reported daily—including high-profile database breaches that have impacted millions of patients—the question of risk responsibility is more front and center than ever before. To date, there has remained a troubling tendency to view cyber security as fundamentally different and separate from other organizational risks. Or, it’s simply viewed as an “IT problem” best left to those with the requisite experience and operational subject matter expertise.
Your organization has been hit with a catastrophic ransomware attack. Most of the critical digital systems that your business needs in order to function—at the most basic level—are offline. Your CEO has received a ransom note demanding money. If no payment is sent, the attack will continue indefinitely, and the company may never regain access to much or all of the compromised data.
The economics of cyber security are completely lopsided. There are a seemingly infinite number of cyber security risks out there, with more and more popping up every day. Hackers appear to have unlimited resources, and cybercriminals are literally reinvesting their lucrative profits into new and innovative ways to exploit, extort, and steal from your organization.