Following the news that hackers have stolen apparent internal documents from a Californian investment bank and published them online, likely in an effort to extort money from the victim company. Javvad Malik, Security Advocate at AlienVault commented below.
Javvad Malik, Security Advocate at AlienVault:
“The challenge is that even if companies pay the ransom, there is no guarantee that the data won’t still be leaked publicly or traded privately. Once the genie is out of the bottle there is no going back. So I’d not recommend paying the ransom under these circumstances.
Companies need to know what data they have, valuing it, and applying the best controls to it. However, it’s not always as easy or straightforward to establish the value of items, and data in particular is particularly difficult to value. One of the main reasons is that the value is hardly ever static; rather it changes on an ongoing basis. Businesses must examine the value of their data, not just in that point in time, but across a timeline that takes into account various events that may occur.
Organizations need to be aware of what data is hazardous to them and under what circumstances. Where possible, this should be imparted into the risk appetite of the organization and described independently of the technology stack. If this can be done, companies will be closer to understanding the value of their data, protect the most vital aspects, and minimise the chances of being held to ransom.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…