
    Ransomware Isn't the Problem, IT Departments Are

    • hobbit666H
      hobbit666 @scottalanmiller
      last edited by

      @scottalanmiller Agree with most of what's said in that article.
      Think we've discussed this in the past, that it needs to be a dedicated person/team when a company hits a certain size, as monitoring logs, network activity etc can be a large task.

      One thing I think about: they all bang on about having air-gapped backups, but some ransomware can lie dormant for a bit while it spreads around the network. Depending on your backup strategies this could mean even the backups are useless.

      • dbeatoD
        dbeato @scottalanmiller
        last edited by

        @scottalanmiller So are they saying that the security issues that happen because a user clicks on stuff (which is not always the case), that the IT Department is at fault?

        • nadnerBN
          nadnerB
          last edited by

          Pffffft. Not news.

          Ineffectual security, ineffectual management, ineffectual IT, same issue different pay cheque.

          Too many people holding onto old security practices (or lack thereof).

          All comes down to meatware being meatware and doing what it does best.

          • 1
            1337 @nadnerB
            last edited by

            @nadnerb said in Ransomware Isn't the Problem, IT Departments Are:

            Pffffft. Not news.

            Ineffectual security, ineffectual management, ineffectual IT, same issue different pay cheque.

            Too many people holding onto old security practices (or lack thereof).

            All comes down to meatware being meatware and doing what it does best.

            Everybody has a plan till they get punched in the face.

            Wipe the drives on all your servers and workstations and erase your data in the cloud. Clear the configuration on your switches, firewalls etc for good measure. Then let's see how fast you are up and running again.

            Ransomware is run by organized crime and they didn't come to play around.

            • ObsolesceO
              Obsolesce @dbeato
              last edited by

              @dbeato said in Ransomware Isn't the Problem, IT Departments Are:

              @scottalanmiller So are they saying that the security issues that happen because a user clicks on stuff (which is not always the case), that the IT Department is at fault?

              But if IT was done correctly, a user who installs ransomware on their own PC from clicking on something or following through on a bad email would be an isolated incident, only affecting that one user's device. It shouldn't be possible to spread further than that.

              • IRJI
                IRJ
                last edited by IRJ

                Zero Trust is the way

                • JaredBuschJ
                  JaredBusch @IRJ
                  last edited by

                  @irj said in Ransomware Isn't the Problem, IT Departments Are:

                  Zero Trust is the way

                  95c1bc93-9c28-48d7-86e9-75ed32b083fb-image.png

                  • C
                    Carnival Boy
                    last edited by Carnival Boy

                    I think just blaming IT departments is harsh. I know from back when I was running IT departments that there is constant pushback from users whenever security was tightened or new policies rolled out and it is critical to make clear that security is something being pushed from the very top and not from IT. In many companies, senior executives will actively undermine IT when it comes to security - that shouldn't happen.

                    It's important that when a senior executive moans to the CEO that IT are making his or her life difficult the reaction is "suck it up" and not "I'll have a word and see what I can do to make you an exception".

                    There were little things that I did, like when a memo went out on a new policy I made sure it came from the CFO and not from IT so (a) people took it seriously and (b) IT didn't get the pushback from necessary but unpopular policies.

                    There needs to be a culture of "IT are making your data safe" and not "IT are making your life difficult".

                    • DustinB3403D
                      DustinB3403 @Carnival Boy
                      last edited by DustinB3403

                      @carnival-boy this is how the world should work, if things were perfect.

                      Of course even in the best of cases new policies should be deployed and known how they are going to affect your users before being implemented.

                      Often times they aren't understood, and have some breaking issue that has no other easy alternative.

                      • DashrenderD
                        Dashrender @Carnival Boy
                        last edited by

                        @carnival-boy said in Ransomware Isn't the Problem, IT Departments Are:

                        something being pushed from the very top and not from IT. In many companies, senior executives will actively undermine IT

                        Hear, hear!

                        As Scott has said a million times, IT is what helps make the company run, not to make the policies.

                        High level management definitely needs to be the ones telling all the people, both big and small that these changes are here and that no one is exempt.

                        • scottalanmillerS
                          scottalanmiller @dbeato
                          last edited by

                          @dbeato said in Ransomware Isn't the Problem, IT Departments Are:

                          @scottalanmiller So are they saying that the security issues that happen because a user clicks on stuff (which is not always the case), that the IT Department is at fault?

                          If one user clicking on stuff also takes out other users and your backups? Yes, the IT department is at fault.

                          • scottalanmillerS
                            scottalanmiller @Carnival Boy
                            last edited by

                            @carnival-boy said in Ransomware Isn't the Problem, IT Departments Are:

                            I think just blaming IT departments is harsh. I know from back when I was running IT departments that there is constant pushback from users whenever security was tightened or new policies rolled out and it is critical to make clear that security is something being pushed from the very top and not from IT. In many companies, senior executives will actively undermine IT when it comes to security - that shouldn't happen.

                            This is completely true. However, I am also very critical of not allowing senior management to undermine IT by making IT decisions and then claiming to not be IT. Those "senior managers" without IT, are actually the IT managers in that situation. That they try to skirt blame by claiming other titles is irrelevant. IT is who does it.

                            It's like plumbing. If you hire a trained electrician and then he does your plumbing, he's a plumber. He might not be a trained plumber, he might not be a good plumber, but he's a plumber.
