Companies Aware of Ransomware Threats
Many larger companies are aware of the cyber threats their organizations face on a daily basis. To be sure the public is also aware of these threats, these companies have chosen to include cyber security disclosures as part of their SEC filings. According to the Data Protection Report, the companies that have included ransomware disclosures within their SEC filings include Repsol, IBM, Concho Resources, and FedEx.
Unlike the other companies, FedEx has recently been the victim of a cyber attack. Therefore, the company’s 10-K report focused on FedEx and one of its subsidiaries being the victims of the global ransomware attacks that took place earlier this year. The emphasis was not only on the past attacks, but also on how the organization is moving forward. The report states that one of the risks the company faces is:
“A significant data breach or other disruption to our technology infrastructure could disrupt our operations and result in the loss of critical confidential information, adversely impacting our reputation, business or results of operations.”
FedEx stated they have several plans in place to mitigate the risk of future attacks and/or breaches. However, they concluded the risk assessment with:
“While we have significant security processes and initiatives in place, we may be unable to detect or prevent a material breach or disruption in the future.”
What Can Companies Do?
FedEx stated they have “significant processes and initiatives in place” — but what does this entail? Every organization’s disaster recovery plan may look a bit different. However, there are key pieces every company should be incorporating into their cyber attack prevention plan. These include:
- Implement patch management services. Many security breaches and malware attacks are caused by unpatched security gaps in operating systems, programs and/or software. Keeping these updated can help mitigate the risk of malware and security breaches.
- Choose a security solution with application whitelisting as its primary method of malware detection. This is the most advanced method of malware prevention. By preventing malware, you are protecting your data from today’s cyber threats, including ransomware.
- Provide cyber security training to all employees. Providing basic cyber security training to all employees mitigates the risk of employees clicking on links or attachments they shouldn’t. Employees with higher-level access, or who may be seen as “targets”, for example the human resources department, should go through a higher level of cyber security training. The more they know, the less likely they are to fall victim, meaning the company and its data remain secure. Invest in this.
What has your organization done to mitigate the risks of cyber threats? Or has it turned a blind eye? Comment below!