The Two Types of Organizations

“There are only two types of organizations: those that know that they’ve been hacked and those that don’t yet know,” he said. “But they’ve all been hacked.”

image001.jpg

A cyber security expert Dmitri Alperovitch once said “There are only two types of organizations: those that know that they’ve been hacked and those that don’t yet know,” he said. “But they’ve all been hacked.”

He was speaking to a massive breach Yahoo had back in December of 2016, but when I had read it, it really resonated with me. Since that breach, there have been countless more popping up in the news each and every day, and that same quote has been reiterated over and over. There’s a chance Dmitri wasn’t even the first person that had uttered that quote – he was just the first person I heard say it.

Ransomware has proliferated this issue. Ransomware can exist dormant on a network for years until it is triggered active by a nefarious actor. In several cases I’ve both seen personally and read about, ransomware can lay dormant well past the several years of backups until the company has reached a point of no return: every single backup they have is a backup of the ransomware-infected environment.

This is the exact scenario that leads companies worldwide to face the ultimatum: pay the ransom or forever abandon your data.

Now, more than ever, it is important for all organizations to take a deep introspective look at how they are protecting their data. What intrusion detection methods can they deploy? How are they establishing their backups? Is their data backed up to several, diverse targets?

Cyber security is not a solved science. It is an ever-growing, ever-changing process that requires the technology community to come together, share information, and create solutions.