Ransomware: can this happen to us?

business · 1 year ago · 1 minute read
Author: Olivier Sels

After the ransomware attacks on Antwerp and Diest, many will think: "Can this happen to us?" Here are some major red flags. If you encounter them in your organization, you might be in trouble.

🚩 Inadequate security metrics

Reading this post to find out the answer to "Can this happen to us?" is actually a major red flag. The InfoSec department should gather and publish easily accessible metrics and reports on the efficacy of the InfoSec program to keep your organization safe. Those should give you the confidence you seek, not some random blog post on the internet. But do read on for the other red flags.

🚩 Employee resentment towards InfoSec

Do your employees regard the InfoSec department as a nuisance that prevents them from doing their job properly? And do they often complain about the InfoSec department? This is another major red flag, as unhappy employees will disregard, circumvent or even sabotage the policies of the InfoSec department. Most cyberattacks are made possible by human error, not by software vulnerabilities, and a well-regarded InfoSec department is key to winning the trust of your employees and preventing many of those attacks.

🚩 Insufficient InfoSec budget

How much do you spend on Information Security? If the answer is "I don't know, it's included in the IT budget", or "Our IT provider handles that", that's a major red flag. Of course, the correct amount will depend on your organization, but a rule of thumb is 15% of the total IT budget. For every 100k invested in app development, 15k should go to securing it.

Those are our 3 major red flags, at least one of which already applies to you. Time for action! And don't skimp on your InfoSec budget for 2023 😉

