Is Your Organization Vulnerable to a Ransomware Attack?

Posted by Chris Ripkey on Nov 16, 2021 10:00:00 AM

Ransomware is currently headline news, and rightly so. Technology professionals around the globe have observed recent spikes in this form of cybercrime with alarm. The sheer volume of ransomware attacks in the first six months of 2021 is said to have eclipsed the 12-month total for 2020, and it shows little sign of slowing.

Recent trends demonstrate how ransomware attacks are becoming more complex. Some organizations are now facing double or even triple extortions. Hackers demand ransom to decrypt drives, then to refrain from releasing sensitive corporate data, and then to refrain from releasing the data of that organization’s customers or partners.

Given heavy news coverage of this issue, it can be hard to sort yesterday’s story from the most pressing trends of today. Yet for IT security experts working in this space, one thing comes through loud and clear: common blind spots continue to place scores of organizations at risk. Companies looking to avoid becoming the next ransomware headline should take a hard look at whether they are falling into a few common traps.

False Sense of Security

Most organizations invest in technologies to protect against cyberattacks, from firewalls to endpoint protection to layers of authentication and more. Yet this is only one part of the equation. Without a holistic approach that extends well beyond the systems themselves, organizations can cultivate a false sense of security.

Missing Cyber in Your Disaster Recovery Plan

A range of challenges, from COVID-19 to the growing number of natural disasters, has fueled focus on Disaster Recovery (DR) and Business Continuity Planning (BCP). Yet for a surprising number of organizations, cyber risks like ransomware are not included as primary scenarios in their DR plans. There might be a general reference to cyber breaches, but there’s a big difference between a hacker gaining access to your network and a hacker paralyzing your operations with ransomware encryption.

Planning Without Practice

An Incident Response Plan or DR plan without intentional practice is as good as no plan at all. It’s frankly surprising how few organizations take advantage of services like tabletop simulations. Given dependence on technology and the potency of cyber threats, working your plans through interactive simulation exercises should be standard operating procedure at least once, if not twice, per year. These tests should involve everyone with a key role to play: IT teams, senior executives, communications pros, legal and regulatory counterparts, front-line sales or customer service leads, and outside technology partners.






Chris Ripkey is the Senior Director of Cyber Security at ConvergeOne. He has 20+ years of experience in Cisco and Microsoft Technologies. He currently has an MCSE, MCSA and CCNA. His strengths include Cisco Voice over IP, Cisco IP IVR, Cisco Call Manager, Cisco Switches, Routers, Firewalls and MPLS Networks. He also has extensive knowledge of BGP and OSPF Routing Protocols. Previously, he has held roles as a Senior Network Engineer for Penton Media and a Senior Network Specialist for Community America Credit Union.