DISC 3
School: St. Clair College
Course: 2619
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 3
Uploaded by aehunt1030
Ransomware attacks leave individuals and organizations with a difficult decision regarding the security and safety of critical information or finances. Another significant dilemma that they will face is grappling with the ethical implications that come into play should they pay the ransom, such as:
o Setting a Precedent: According to Richardson and North (2017), “there is always the concern that paying the ransom will encourage the criminals” (p. 14). This means cybercriminals may view victims who pay as lucrative targets, creating a much more prevalent ransomware problem within the industry.
o Encouraging Future Criminal Activity: By yielding to the demands of cybercriminals, these people/organizations directly support future criminal activities, thus perpetuating the cycle and endangering others.
o National Security: Paying ransoms to cybercriminals who wish to compromise national security could lead to direct funding of terror attacks.
o No Guarantees for Victims: What guarantees are in place to provide victims with the promised outcome once the ransom is paid? They may end up losing both their data and their ransom payment.
While reports suggest that the “public sector is less affected by ransomware than the private sector” (Sophos, 2020), the percentages are close enough to indicate that ransomware does not discriminate and that active collaboration is beneficial for both private and public agencies.
In a 2022 article published on DarkReading.com, Marc Rogers, the Senior Director of Cybersecurity at Okta, states that the “diversification of expertise” and the required skill sets for ransomware protection advance more rapidly in the private sector due to its competitive, fast-moving nature. The public sector is limited in resources, personnel, technology, and so forth. The article also states that because of this the “private sector is in a unique position where it can help inform […] the public sector”. Collaboration between these two industries can improve threat detection, response strategies, technology development, and victim support for everyone through communication and teamwork. Sharing intelligence regarding potential and previous threats can enable others to enhance their cybersecurity measures, creating a more effective prevention strategy. Establishing unified protocols for responding to cyberattacks can strengthen the collective defence against ransomware threats by streamlining response efforts and helping security professionals learn from other experiences. Collaborating on preventative and defensive technologies improves the industry’s ability to advance its technologies and be more efficient in ransomware prevention. While the overall goal is collaboration, the industry can also come together to provide support and tools for victims of ransomware attacks.
So, while the public sector lacks resources and expertise, they are also less often targeted.
Do you think the lower frequency of attacks on the public sector, despite their limited resources and expertise, could be due to harsher legal ramifications? How might the private sector leverage its skills and resources for its benefit when offering collaboration with government/public sectors?
References:
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 14.
Rogers, M. (2023). Fighting ransomware takes an army: Our public & private sector soldiers join forces, Dark Reading. Available at: https://www.darkreading.com/cyberattacks-data-breaches/fighting-ransomware-takes-an-army-our-public-private-sector-soldiers-join-forces (Accessed: 08 February 2024).
Sophos. The State of Ransomware 2020: Results of an independent survey across 26 countries, 2020. https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
Reply:
How do you think regular people can help in the fight against ransomware, apart from relying on companies and governments?
Members in the public and private sectors can help to protect their organizations in various ways, some of which are outlined in a ransomware prevention guide published in 2021 by the Canadian Centre for Cyber Security. The guide tells us that individuals should prioritize regular backups to secure offline storage devices. They should also adhere to the principle of least privilege, which essentially only allows access to data that is essential for that individual’s outlined tasks. This policy is helpful to ensure that damage incurred by the use of accidental, incorrect or unauthorized information is limited. Individuals should ensure their systems have up-to-date software, anti-malware, and firmware. Most importantly, individuals need to have access to cybersecurity professionals who can assist them with all of the above recommendations and more, as most cybersecurity threats require expert guidance.
Although there are plenty of potential risks associated with using work devices for personal means, most companies and organizations do not have strong policies against it. When using your work/organization’s computer or other devices for personal use you must stay vigilant in protecting yourself and the organization. This includes being cautious when opening links and emails or when visiting public domains. It also means adopting proactive measures that aid in protecting personal/sensitive information, such as creating elaborate passwords that change