Sunday, April 12, 2020

Five Questions to Ask About Your Company’s Cybersecurity


A technology visionary with an extensive background in assessing cybersecurity and corporate risk, Sai Huda has given keynote presentations on the subject at events such as the Risk and Compliance Summit. In a recent article, Sai Huda explored the foundational threats presented by hackers and ransomware, and listed key questions that every organization should ask as a way of staying proactive and mitigating risk.

One of these questions is whether the organization periodically undertakes a “reverse stress test” that simulates data theft or a ransomware attack. The exercise should establish the timeline and manner in which recovery can occur, trace the source of the data breach or ransomware attack, and identify the control and backup deficiencies.

Another question is whether a behavioral detection engine is continuously sifting through all of the “noise” and pinpointing signals that indicate potential ransomware activity before it spreads, or lateral movement by the attacker prior to data exfiltration.

A third question is whether audits are regularly performed to ensure system configurations are all aligned and secure, such that the “crown jewels” in the cloud cannot be hacked or stolen.

A fourth question is whether top-to-bottom organizational training on security awareness takes place on a regular basis, both teaching cyber best practices and simulating threats.

Finally, ask whether the supply chain, which may have privileged access to company data, has been thoroughly audited and does not have weak security that presents potential backdoors to your company’s IP or data.