Page 84 - Cyber Defense eMagazine January 2024

and recovery tools for your critical data and systems can take all the power away from ransomware actors — if you are impacted by a ransomware attack, you don’t have to think through whether or not you need to pay to get your data back, you already have the ability to recover it from your encrypted, immutable and isolated backups.


Every CISO and security practitioner should take the CRI’s pledge as an opportunity to reinforce the seriousness and impact of ransomware with their boards and leadership within their organization and have a risk discussion based on the organization's control environment, highlighting any gaps in your data resilience and recovery posture. Simply having working backup and recovery in place can greatly reduce the risk associated with ransomware, not to mention non-malicious and accidental data loss scenarios. As I said, having preventative measures in place is important, as we all know, but it is equally important to have data resilience and recovery capabilities in place to protect your sensitive data when bad things happen. So, my ask is this: do yourself and your organizations a favor and take a fresh look at your data resilience and recovery capabilities. If you don’t have a plan, create one; if you don’t have the capabilities to recover critical data, implement them, or share this information with your leaders and Board members and initiate risk-based discussions and options to address gaps in your capabilities.

While the CRI’s pledge is a positive step, I’m certainly not waiting for them to solve the ransomware problem. But I’m hopeful that all the energy and attention it’s generated will compel companies to take a hard and objective look at their data resilience and recovery capabilities and plans and take action to address any gaps. In doing so, you are taking control and changing the narrative around the impact of a ransomware attack on your organization.





            About the Author

Todd Thorsen is the Chief Information Security Officer of CrashPlan. He brings more than 15 years of information security experience across various disciplines. Todd has a proven track record of building and leading security programs focused on global security operations, risk and compliance, incident response, resilience, and data protection. He can be reached online on LinkedIn and through the company website at www.crashplan.com.





















            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.