I. To pay or not to pay…
California State University Northridge was attacked by ransomware and decided to pay up. Garmin was attacked by ransomware. They too probably paid.
Canned consulting advice is to never pay a ransom demand. This is not always sound advice. Decide based on what you stand to lose.
Fundamentals Check: Keep backup copies offline - not writable. Test, test, test.
CISO Check: Under what circumstances will you pay the ransom? Does your cyber insurer handle the ransom payment process?
II. A different kind of hack
Thieves broke into several Walgreens retail stores. Not for the money.
They stole hard drives containing PHI of around 70,000 customers.
Data is the new cash?
CISO Check: Does this risk figure in your risk register? Do you have this scenario in your incident response playbook?
III. Quote of the week
Risk is in the eye of the beholder - Richard Seiersen
Have an original, interesting cybersecurity quote? Let us know in the comments and we will publish it along with your name in our quotes section.