From: CSO | Opinion
Cyberattacks can happen for a whole variety of reasons. No company is entirely safe. And these days, when digital communication is so vital to the basic operations of a company, incorporating a messaging strategy that takes into account business, legal and regulatory requirements should be a priority.
There seems to be no end in sight for ransomware and malware attacks after the spike in high-profile incidents last summer. This includes the Wannacry ransomware strike in May 2017; PetWrap/NotPetya attacks in June; the identification of “BlackOasis” through an Adobe Flash vulnerability in October; the explosive revelations of the Equifax breach; wireless security protocols that need to be patched; the Meltdown and Spectre bugs in processor chips; and most recently the Cisco Adaptive Security Appliance vulnerability, among others.
Many companies are now rightfully revisiting their incident response (IR) protocols to prepare themselves for future attacks. More and more regulatory requirements dictate that organizations must have a written IR plan. While an IR plan is just one piece of a larger, more complex cybersecurity program, it is nevertheless a critical component and one that many regulators are closely scrutinizing. Apart from the legal, reputational and regulatory risk, ransomware attacks can disable entire global businesses for several days making IR plans business critical.
Leave a Reply