On Balance Magazine - Sept/Oct 2021

Page 16

SURVIVING THE

RANSOMWARE SIEGE How prepared is your organization?

A

By Jeffrey T. Lemmermann, CPA, CITP, CISA, CEH

t some point in 2015, cybercriminals had an aha moment. Instead of going through all of the trouble of breaking into a network, stealing data and then executing a complicated scheme to monetize that data, they found a shortcut — and it was already paved.

Data encryption was touted as a defense against attempts to steal data, and companies implemented encryption to keep their data safe. It did not take long for the bad guys to figure out a way to turn those defenses around: Encrypt the data and hold the key for ransom. Already armed with methods to trick users into running things they should not, attack methods were created that locked companies out of their own computers, data stores and applications. Faced with the prospect of being without key systems and data for long periods of time, criminals offered a quick fix: Pay us to fix it. Insurance companies often encouraged

14

On Balance

September | October 2021

payments, calculating that it was more economical to pay upfront than to pay for rebuilding systems, covering lost revenue and buying new equipment. The result was predictable. Criminals saw big pockets behind the companies they were attacking. They widened their attacks and increased the ransom demands. More criminals got into the game, realizing how profitable this venture was becoming.

How to measure your readiness Preparing for these attacks relies on basic cybersecurity hygiene. At its core, a ransomware attack is just a variant of a malware attack, relying on the same weaknesses that malware attacks have needed for many years. The results of the attack, however, require new considerations. The biggest question that companies are asking today is this: “Can we survive a ransomware attack?” To answer that, it is best to break the threat down to four questions: 1. Can we protect against the attack? 2. Can we detect the attack? 3. How do we respond to the attack? 4. If the attack is successful, how will we recover?

wicpa.org

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

ACCOUNTING & AUDITING

9min
pages 38-44

TAXATION

7min
pages 30-33

HUMAN RESOURCES

5min
pages 34-37

THE PROFESSION

11min
pages 24-29

The enhanced ERC

15min
pages 20-23

Surviving the ransomware siege

7min
pages 16-19

Making sense of sliding statistics

12min
pages 12-15

Certified unconventional

6min
pages 8-11

Vol. 17 No

3min
pages 6-7
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.