ThinkTWENTY20

Ransomware is continuing to plague many organization, particularly those with large holdings of sensitive data, like educational institutions and government departments.

A Ransomware attacker gains entry into a victim’s system, encrypts their files thus making them inaccessible and then demands a ransom payment from the victim before providing the encryption key to enable the victim to gain access to their own files. The costs can range from a few hundred dollars to many thousands or even millions, often payable in Bitcoin. 

Paying the ransom is usually not a good idea because it does not address the original weakness that made the intrusion possible. Ransomware insurance is worth considering, but also cannot replace proper security policy and procedure.

As one source puts it, “Organizations must patch aggressively, establish complete backups, prepare a comprehensive response plan, and focus on educational training for every employee to make sure they are prepared to manage attacks and continue with little disruption.” Follow this link for further information.

Proper controls must be adopted proactively and with a great deal of diligence. They cost money and time to develop and maintain. But in the end, this cost may well be a lot less than the alternatives of responding to a successful attack.

The Gartner report “Detect, Protect, Recover: How Modern Backup Applications Can Protect You From Ransomware” can be downloaded from their site.

As with many areas, the pandemic has accelerated the trend towards mobile workforces and the concomitant shift to cloud-based apps away from intranet based functionality. This shift raises a host of new security exposures, ranging from those inherent in the cloud to the security shortcomings sometimes extant in externally sourced apps.

Many organizations recognize this conundrum and are trying to address it. In a recent survey of 535 security leaders, forty-nine percent of the security leaders' pointed to their jobs being tougher than two years ago. The biggest challenges include “a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).”

Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost.”

Determining where the new money for security will go is likely to reflect this new reality. It’s a big challenge.

For additional information, check out this link.

One story that has hit the news around the world this week is that Royal Dutch Shell PLC, Exxon Mobil Corp. and Chevron Corp lost a significant case involving climate change policy. An investor group had challenged their approach to climate change and last week, the courts agreed with the investors.

On the same day, Exxon Mobil Corp. shareholders voted to replace at least two of the company’s 12 board members with directors who are seen as better suited to fight climate change

Also, Suncor Energy Inc., announced a target to achieve net-zero emissions by 2050 which is in line with the federal government’s commitment under the Paris Agreement. 

Shareholders include the world’s largest fund manager, such as Blackstone, who are forcing companies to account for, and deal with, the risks they face regarding climate change. Blackstone itself which controls large investments by pension and other funds from around the world is a major influence for ESG reporting.

ESG reporting is gaining traction everywhere as evidenced by, for example, the formation of the Sustainability Accounting Standards Board (SASB), and the moves in the EU to make sustainability reporting a mandatory part of corporate reporting. The US Securities and Exchange Commission’s recent request for input on climate change disclosure also shows an interest by this major regulator in ESG reporting.

Companies cannot ignore these pressures. There is a major shift going on in attitudes towards ESG reporting and corporate responses to climate change.