Why Organizations Are Vulnerable to Ransomware

In this episode of Life of a CISO, Dr. Eric Cole walks us through why so many organizations are vulnerable to cyber attacks and ransomware specifically.

If you don’t cover the basics – strong passwords, never opening email attachments, never patching, etc., you might as well leave the front door open and the passcode to the safe written down next to it.

To learn more about what you can actually do to protect yourself, read Dr. Cole’s newest book, Cyber Crisis. 

In this episode:

  • 0:30 We are truly in a Cyber Crisis. And it’s getting worse
  • 0:57 SolarWinds was a canary in the coal mine
  • 1:56 Was the issue with SolarWinds a third-party vulnerability?
  • 2:20 SolarWinds was targeted for commercialized cybercrime
  • 4:25 If you don’t learn from the past, you will repeat it
  • 6:20 As CISOs, executives must be told that supply chain attacks are the new normal
  • 6:55 How segmented is your environment?
  • 8:45 Ideally, every person or entity should have as much access as they need, no more or less
  • 9:45 Two takeaways: Executives must be warned of supply chain attacks, servers are segmented
  • 10:04 When there are problems, everyone wants to run after the shiny object
  • 12:01 False positives drown out real attacks
  • 13:53 Segmentation is an IT function
  • 15:45 These attacks are not advanced
  • 18:40 Attacks are preventable…but we aren’t preventing them
  • 19:49 All of the stolen data is encrypted
  • 22:45 Protect the keys