Ransomware made waves this year when it exploded onto the internet in a series of headline-grabbing attacks, all of which were attempts to extort businesses for exuberant amounts of money. The concept of ransomware is simple: install malware that encrypts all the files on a workstation, attempt to spread through saved email addresses, and ultimately force the user to pay a ransom to decrypt their data again. This is textbook extortion, highly illegal, and extremely disruptive to organizations being targeted.
Keeping the scale in your favor during an average production day always proves to be difficult. The list of vulnerabilities has grown unmanageable. In many cases, there are lengthy reports to review, spreadsheets to update, and worse, PDFs to comb through. Meanwhile, threat actors continue to develop zero-day vulnerabilities along with weaponizing known vulnerabilities; some of which go as far back as 2006.
You’ve probably heard by now about GDPR, the General Data Protection Regulation, passed by the EU and set to go into effect in May 2018. At it’s core, the regulation is intended to protect private party’s data and give citizens increased control over how their data is collected, used and stored. It’s important to recognize that the regulation does not apply only to businesses in EU member states, but to any organization who processes the personal data of EU citizens.