Biggest Mistakes Board of Director Chairs Make with Ransomware, Supply Chains, Chinese Data Laws

I want to continue my conversation with the Chairman of the Board on Ransomware and the new Chinese privacy laws.

One of the biggest mistakes that I see is a lack of preparation. You know, it sounds strange.

Still, yes, lack of preparation. They have good (cyber) incident plans; some of it is documented, some of it is not. For Audit Committee Chairs, when things have been ransomed, the question of "do we pay or not pay" is not the primary concern. As a board director, your fiduciary duty is to make sure the enterprise is working on behalf of the shareholders. Hence, if that means you have to pay, you have to pay.

The problem that I see is a lack of preparation.

## Do we have crypto accounts to pay the Ransomware in?

## Can we pay them in crypto accounts?

## Do we have (Crypto) bank accounts?

## Can we come up with a large sum of $15 to $50 million in crypto in a short period?

## After paying it and getting the company back from the hands of the hackers, is there a postmortem?

## Who’s communicating to the public?

## Is it a CEO, or is it the board’s Chairman?

## How is the board & the Audit Committee involved in forensic analysis?

## Do you know which outside consultants are getting involved?

And how many reports do you need? I've seen and recommended the Audit Committee Chair and the board members actively participating in some of those sessions. Now, the more layers you have, the more complicated it gets.

When I say more layers, I mean the CIO, the CISO, the CEO, the legal counsel. These are important people, but the more people you involve (each adds a layer of red tape), the more complicated it gets. I think you need to streamline certain visibility to such information.

Now, regarding the Chinese laws: the hardest privacy laws ever passed, modeled after the European Union's GDPR, the Chinese privacy laws were passed a week ago and are going to be enacted November 1st.

Any company operating in China has to be very careful about Chinese citizens' information: artificial intelligence, facial recognition. These are going to be big alerts. This came about when I was having this conversation after Equifax, where the Chinese were blamed for it, the largest hacking, but software patches were part of it, so it gets complicated, but there are possibilities. And now, even with supply chain ransomware, you have to talk about your vendors: your third-party and fourth-party vendors have to be involved.

