The good news this week for many enterprises is that the Petya/NotPetya ransomware scare is not really ransomware. The bad news: Petya turned out to be a worm that seizes control of infected devices, spreads to other devices on the network, encrypts their files, and has no intention of releasing them back to the owner, ransom paid or not. Many analysts conclude that this is an indicator of a sinister state-sponsored attack aimed at a targeted adversary.
The reality is that Cyber Risk Management is so much more than antivirus protection, malware awareness, and safeguarding against ransomware. There are attacks, such as denial-of-service attacks, that aim to shut businesses down or disrupt an organization’s product offering, such as electricity, financial transactions, or medical device monitoring. Social engineering methods are more “physical world” centric, with the goal of exploiting individual personal information, gaining access to a restricted area, or learning more about a cyber target to feed a plan of attack.
Cyber Risk Management is a holistic look at an organization: a thorough understanding of the enterprise’s vulnerabilities, top to bottom and side to side. It covers corporate governance, policies, and awareness of threats. Planning and practice are essential elements of Cyber Risk Management. Does everyone in the organization know how to react? Who to contact? How to contact the right authority?
While the ransomware scare has abated this week, it is advisable to take this time to lean forward, get more aggressive about understanding your corporate Cyber Risk posture, and strengthen it!
Please contact us for more information!