According to Lindy Cameron, CEO of the British National Cyber Security Centre (NCSC), most companies are not prepared for a ransomware attack.
This is despite ransomware attacks being widely considered “the most immediate danger to UK businesses and most other organizations.” The extent of companies' unpreparedness can be judged by the fact that “many have no incident response plans, or ever test their cyber defenses.”
She further explained that while the government is working on various plans to control the situation effectively, companies and other organizations still have a lot of work to do: examining their defenses and planning in advance for all eventualities, such as a ransomware attack. Measures such as the timely application of security patches and updates and the use of multifactor authentication can make a big contribution to protecting organizations from ransomware attacks.
Commenting on this subject and the roles of organizations and companies, Cameron said: “One of the key things I have learnt in my time as NCSC CEO is that many – in fact the vast majority – of these high-profile cyber incidents can be prevented by following actionable steps that dramatically improve an organization’s cyber resilience. Responsibility for understanding cyber security risks does not start and end with the IT department. Chief executives and boards also have a crucial role. No chief exec would get away with saying they don’t need to understand legal risk because they have a general counsel. The same should be true of cyber risk.”
For more information, read the original story in ZDNet.