In the aftermath of the Colonial Pipeline attack, ISACA polled more than 1,200 members in the United States and found that 85 percent of respondents think that their organization is at least somewhat prepared for a ransomware attack
"The Colonial Pipeline attack caused massive disruptions to gasoline distribution in parts of the US this month. Colonial reportedly authorized a ransom payment of US $4.4 million. In the ISACA survey, four out of five survey respondents say they do not think their organization would pay the ransom if a ransomware attack hit their organization. Only 22 percent say a critical infrastructure organization should pay the ransom if attacked.
'In a vacuum, the guidance not to pay makes total sense. We don't want to negotiate with criminals,' said Dustin Brewer, senior director of emerging technology and innovation at ISACA. 'But when you need to get your business back online, a cost/benefit analysis is going to come into play, and a company is going to do what it needs to do to have continuity. Good cyber hygiene has to be a focus to avoid getting to this point.'
The survey's other key findings included:..."
Read More ...