“Things happened fast. It started with a couple of complaints, but quickly everything just shut down.”
J&C Composites faced a ransomware scenario not once, but three times in as many years. Their position as a member of the defense industrial base painted a target on their back for not only low-level bad actors, but larger advanced persistent threats (APT’s) based overseas.
The latest attack came on the heels of the sudden departure of a middle manager within the organization, prompting questions regarding the security of the businesses data and how easy it could be to exfiltrate that data without anyone knowing. Executives began to ask, “was this caused by an external threat or internal?”
These attacks prompted investigations from regulatory bodies overseeing the federal contracts they fulfill, contractual review from the clients they serve, and talks with in-house counsel to determine if they were compliant with requirements agreed upon in their cyber-security line of insurance.
Is your organization aware of its statutory, regulatory, or contractual obligations for IT security?
Are you able to track data as it moves in your organization, and restrict it from leaving entirely?
When was the last time someone provided a “gap analysis” for your information systems?
Do you utilize technology as a means of mitigation risk?