Is Your Company Equipped for a Ransomware Attack?
August 19, 2021
At a glance:
- The main takeaway: Ransomware attacks and cybercrimes are rising rapidly, highlighting the importance of a comprehensive cybersecurity strategy. Most companies are unprepared.
- A dangerous pattern: Despite the upward trend in cyberattacks, many companies have ineffective cybersecurity teams and fail to prioritize information security within the c-suite – this leaves companies more exposed to an attack.
- Don’t wait until it’s too late: Contact Aprio’s Digital Transformation and Cybersecurity Advisors to learn how we can simplify and strengthen your cybersecurity operations.
The full story:
Ransomware attacks in North America rose by 158% between 2019 and 2020, according to a report by cybersecurity firm SonicWall. In the healthcare industry, a report by Comparitech found that ransomware attacks during the same period rose by 470%. The financial impact of these attacks is estimated to be tens of billions of dollars.
These numbers reflect a crisis, yet so few companies prioritize the role of chief information security officer (CISO) within their c-suites. If an organization employs a CISO at all, they rarely have the direct ear of the CEO, which undermines the ultimate ability to protect the business from threats.
It’s time to think differently about the role of information security among top business leaders.
Some businesses may think they’re too small or in an unlikely industry to need a CISO, but anyone in this modern digital age can be susceptible to ransomware attacks and other hacks. Organizations with sensitive data, like hospitals, governments, and financial institutions, are particularly at risk, but attacks on retail and e-commerce companies are rising.
Some of these companies feel like they can’t afford to employ a full-time CISO; we believe companies can’t afford not to. At the end of the day, fully funding your cybersecurity strategy will cost significantly less than recovering from an attack. Furthermore, putting that strategy in the hands of a qualified individual with the power and trust to lead will result in a better, cheaper approach than any disjointed efforts led by an underqualified team.
This begs the question:
What makes a good CISO?
A CISO’s effectiveness can’t be traced to one trait but rather a combination of skills, trust, and authority. If you want to strengthen your business’s protection against cybercrime, make sure your CISO position checks these boxes:
- Highly skilled, trained, and credentialed in cybersecurity technical expertise
- Strong leadership and business acumen
- Ability to communicate cybersecurity risk in business terms
- Reports directly to the CEO
If your business doesn’t have a CISO, or if the role doesn’t currently fulfill the characteristics above, investigate how you can better prioritize cybersecurity. You may be able to bridge the gap by partnering with a cybersecurity advisor, like Aprio’s Digital Transformation and Cybersecurity Advisory Services. Our experienced team can help create a better cybersecurity strategy tailored to your business objectives while prioritizing investments in security controls. We can even help manage regulatory and compliance requirements with a level of expertise uncommon across most c-suite roles.
Make cybersecurity a top priority at your business before it’s too late. Aprio’s Digital Transformation and Cybersecurity Advisory Services can help you create, implement, and deploy a holistic strategy that supports your information security and business objectives. Contact us today to learn more.
About the Author
Jeff Kramer is Aprio's Executive Vice President of Digital Transformation Advisory and Cybersecurity | Specializing in providing managed IT solutions and advisory services to small, medium and large businesses in manufacturing, consumer products and insurance. In an evolving world, Jeff is there to provide ever-adapting solutions to meet any client needs.