Frank Ready at LAW.COM wrote this very clear article with great budget ammo. I suggest you forward the link at the bottom to your Legal team, with a cc to your C-level executive who own the InfoSec purse strings:
"It turns out that crime really does pay sometimes, and bad actors still have plenty of incentive to infiltrate organizations—and sometimes even cities—and hold sensitive information hostage. Poor cybersecurity and anonymous online payments have both reduced the barriers and lowered the risk of getting caught. Basically it’s rabbit hunting season.
And while there are steps that entities can follow once their data has been taken prisoner, even those carry no small degree of risk. Here are a few of the many harsh truths surrounding ransomware and how to deal with an attack." Here are the 5 headers, the full article has each of these explained with much more detail:
- Errors Negotiating The Ransom Or Encryption Keys
- Crime Pays. Bitcoin has changed the dynamics and made ransomware a viable way for organized crime to secure money
- Crime Goes Big Or Goes Home. Attacks are targeting larger organizations and even focus on cities or States
- Law Firms Carry A Bullseye, they are catnip to ransomware criminals
- Inside Threats (employees making errors) are the greatest vulnerability
Here is the full article at LAW.COM. (no-cost registration required)