I was honored to have the opportunity to make a small contribution to this news report. Thank you to John Engel and News 5 WCYB for their diligence.
Spear phishing is a serious threat to many organizations and can result in the loss of highly sensitive information. ETSU has taken respectable steps after the fact to mitigate the impact of this incident, but we can all learn from this situation and strengthen the postures of our own organizations to prevent these types of attacks in the future.
Though I agree in principle that ransomware is not a breach in the strictest sense of the word, I would say there is tremendous value in adding the reactive weight of a breach in how we perceive and respond to a ransomware incident. “Incident” is the correct word to use in this situation. Ransomware is a significant security incident and should be treated as such. Unfortunately, many of us lock into the “Confidentiality” component of IT security and only react when data is accessed or exposed. “Availability” is still a very important leg of the IT security triad and deserves significant consideration.
This article says it well. You have to practice, practice, practice when it comes to preparing for a data breach or any other kind of incident that can affect your company or organization. You would be amazed at the level of buy-in you can receive if you simply walk your management team through the causes and effects of an incident response plan.