US Dept of Homeland Security - Cyber Essentials

Thank you to everyone who joined us for NOW + NEXT: Cyber Essentials. Click here to replay the webinar.

In the first portion of yesterday’s event, Trent Frazier, CISA’s Deputy Assistant Director, Stakeholder Engagement Division, and Bradford Willke, CISA’s Senior Advisor for Stakeholder Engagement, gave an overview and discussed the six pillars of cyber essentials: Yourself, Your Staff, Your Systems, Your Surroundings, Your Data, and Your Crisis Response. In the second portion of the program, we invited a small business owner, Spencer Ferguson of Wasatch IT (and speaker at CO— Workshop Wednesday: Protecting Your Business from Cyber Threats), to share personal strategies when dealing with ransomware and best practices.

Resources:

• White House Open Letter to Corporate Leaders
• CISA Ransomware Guide
• CISA alerts
• CISA Tips

Live Poll Results: 

1) What’s your breaking point when it comes to how a ransomware attack would affect your organization?

• 16% responded: We don’t have one, because we are confident we can prevent, respond, contain, and/or recover without paying and without much of a blimp in operations.
• 25% responded: It might come down to how much we would have to pay, but we know what security and resilience information we will use to make those decisions during an attack.
• 54% responded: We can’t or won’t pay and we also don’t know how bad things might get, but we have a recovery and/or restoration plan. 
• 5% responded: We’ll probably pay if it’s not outrageous because we know it would be bad (i.e., highly impactful or disruptive and not an easy recovery).

2) Does your organization maintain comprehensive data backups that are regularly tested? Does your organization maintain backup copies offline?

• 64% responded: Yes, we maintain comprehensive data backups that are regularly tested.
• 54% responded: Yes, we maintain backup copies offline.
• 5% responded: No, we DO NOT maintain comprehensive data backups that are regularly tested.
• 5% responded: No, we DO NOT maintain backup copies offline.

 3) Does business impact (analysis) factor into how your organization patches security vulnerabilities or how your organization implements automatic updates?

• 59% responded: Yes, business impact (analysis) factors into how my organization patches security vulnerabilities.
• 39% responded: Yes, business impact (analysis) factors into how my organization implements automatic updates.
• 20% responded: No, business impact (analysis) DOES NOT factor into how my organization patches security vulnerabilities.
• 27% responded: No, business impact (analysis) DOES NOT factor into how my organization implements automatic updates.

4) Has your organization developed and tested an incident response plan?

• 68% responded Yes
• 32% responded No

Event Details