Ransomware warning by the FBI! The importance of questioning your IT security stance in your own back yard!

in #infosec · 3 years ago


You have very likely heard a lot about this subject already, and it comes in many forms via a lot of different attack vectors.

Most IT professionals who are used to working in a well-structured IT environment, where all the basic bases such as data protection, malware protection and business continuity planning are covered, might dismiss some of the risks that come with ransomware attacks.

But they might overlook that such attacks don't come down to "just" one compromised machine and a single interaction with someone who squeezes you for a ransom payment after scrambling the data on that machine.

It's far more likely that once this one machine is compromised, the attackers will take their time to learn as much as they can about the environment, since this system now effectively acts as a bridgehead for moving further into your network.

So it's not just about recovering this one machine by wiping and reinstalling it and then restoring previously backed-up data.

The attackers may have been in your data for weeks or months already and might be in possession of your most sensitive crown-jewel data, which they then threaten to release to your competitors or to the public.

They might also have manipulated your data in a way that is undetectable at first glance, which could force you to roll back thousands if not millions of transactions, depending on the data volumes of the business you're working in.
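The silent-manipulation risk described above is one reason to keep a tamper-evident record of your data that lives apart from the data itself, so that a backup or restore point can be checked before you trust it. The following is an added example and not code from the original post: it builds a keyed manifest (HMAC-SHA256) over a set of records, compares a later snapshot against it, and reports which records were modified, dropped or newly added. The two snapshots, the record ids, the manifest key and the manifest layout are constructed assumptions for illustration only.

```python
import hashlib
import hmac
import json

# Constructed sample: two snapshots of a small transaction "ledger", taken
# weeks apart. In the later snapshot one amount has been silently altered and
# one row has disappeared, while a third row is a legitimate new transaction.
SNAPSHOT_EARLIER = {
    "tx-1001": {"account": "A-17", "amount": "1250.00", "currency": "EUR"},
    "tx-1002": {"account": "B-04", "amount": "80.50", "currency": "EUR"},
    "tx-1003": {"account": "C-22", "amount": "9999.99", "currency": "EUR"},
}
SNAPSHOT_LATER = {
    "tx-1001": {"account": "A-17", "amount": "1250.00", "currency": "EUR"},
    "tx-1002": {"account": "B-04", "amount": "800.50", "currency": "EUR"},  # tampered
    "tx-1004": {"account": "D-09", "amount": "42.00", "currency": "EUR"},   # legitimate
}

# Assumption: the key is kept where an intruder on the data system cannot
# reach it (offline, HSM, separate tenant). With a plain hash, anyone who can
# rewrite the data can rewrite the manifest too; the keyed MAC is what turns
# the manifest into evidence instead of just a checksum.
MANIFEST_KEY = b"constructed-demo-key-keep-the-real-one-offline"


def canonical(record):
    """Serialize a record deterministically so equal content always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(snapshot, key=MANIFEST_KEY):
    """Return {record_id: hex HMAC-SHA256 over the canonical record}."""
    return {
        rid: hmac.new(key, canonical(rec), hashlib.sha256).hexdigest()
        for rid, rec in snapshot.items()
    }


def verify_manifest(snapshot, manifest, key=MANIFEST_KEY):
    """Check a snapshot against a manifest produced earlier.

    Returns the ids whose current content no longer matches the recorded MAC
    ('modified'), ids recorded in the manifest but absent from the data
    ('missing'), and ids in the data that the manifest never covered
    ('unrecorded', which may be legitimate and must be reconciled separately).
    """
    current = build_manifest(snapshot, key)
    modified = sorted(
        rid for rid in manifest
        if rid in current and not hmac.compare_digest(current[rid], manifest[rid])
    )
    missing = sorted(rid for rid in manifest if rid not in current)
    unrecorded = sorted(rid for rid in current if rid not in manifest)
    return {"modified": modified, "missing": missing, "unrecorded": unrecorded}


def is_trustworthy(snapshot, manifest, key=MANIFEST_KEY):
    """A restore point is only trustworthy if nothing recorded was altered or lost."""
    result = verify_manifest(snapshot, manifest, key)
    return not result["modified"] and not result["missing"]


if __name__ == "__main__":
    manifest = build_manifest(SNAPSHOT_EARLIER)
    print("later snapshot vs. earlier manifest:", verify_manifest(SNAPSHOT_LATER, manifest))
    # An attacker who rewrites the data and recomputes a manifest without the
    # real key gets a manifest that does not verify under the real key.
    forged = build_manifest(SNAPSHOT_LATER, key=b"attacker-guess")
    print("forged manifest under the real key:", verify_manifest(SNAPSHOT_LATER, forged))
```

Run as-is it lists the tampered id, the missing id and the new id. In practice you would generate the manifest at backup time, store it together with the key away from the systems it describes, and verify every restore point before trusting it. The manifest only tells you that something changed, not whether a change was legitimate; reconciling the unrecorded entries against your own transaction logs remains your job.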

Such risks come with multiple layers of possible damage, up to and including ongoing ransom demands over extended periods.

The consequences of leaked data can be devastating, or even a fatal blow to your business if trust is lost and you're unable to rebuild it fast enough. On top of that you might be fined by regulatory bodies, face damage claims from customers or even employees, and could lose your insurance coverage as well.

You must also take into account that, whether or not you think you have your ducks in a row, you can never be sure, and your adversaries might have the time and financial resources to probe every one of your weak spots!

Recurring audits might be one of the most important tools for sharing some of that risk with others and reducing the likelihood of being caught off guard.

Past breaches have shown that even rather mature IT shops can be struck by this, while attackers become more sophisticated day by day.

Keep in mind that you might not be on a level playing field: even if you're an excellent, knowledgeable IT security expert, you could simply be outnumbered and outsmarted.

It's probably a very good idea to bring in another set of eyes and another body of expertise every now and then, or better on a regular basis. It might also be a good idea to rotate your audit and IT security assessment partners, so that they have no chance of becoming routine-blinded, as you and your internal resources may have become years ago.

Don't see this as a threat of being criticized, but rather as a chance to learn something, or even to collect a few "well done" compliments if the auditors haven't found anything to improve in your back yard.

If you're not an IT security or IT operations expert, it's even more important to get someone to look over your setup. Even in your private environment there may be very important data that is well worth such a preventive measure.

I can say from personal experience that I always learned a lot in such audits, which came in handy since part of my self-employed work is to do audits myself! 😉


See this very nice article by Naked Security (Sophos) on the rising risk of ransomware attacks and the recent FBI warning about ransomware attacks in health care:

FBI “ransomware warning” for healthcare is a warning for everyone!

https://nakedsecurity.sophos.com/2020/10/29/fbi-ransomware-warning-for-healthcare-is-a-warning-for-everyone/


So, what do you think? Are you a fan of audits to reduce your IT risks, or do you think you have it all covered superhero-style? 🤣

Let me know down in the comments and have a wonderful day!

Cheers!
Lucky