21 December 2023

The More Things Change...

The more organizations STILL are not updating their software.

FBI: Play ransomware breached 300 victims, including critical orgs

I stopped writing about ransomware a while back, because after a while, it was all the same. But here we are, years after I started on ransomware, and not much has changed.

The warning comes as a joint advisory issued in partnership with CISA and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC).

CISA is, of course, the Cybersecurity and Infrastructure Security Administration, which was named by the Department of Redundancy Department, and has a logo straight out of 1950. It is part of Homeland Security. But that is beside the point.

The mitigations are what they have always been.

This includes requiring multifactor authentication, maintaining offline backups of data, implementing a recovery plan, and keeping all operating systems, software, and firmware up to date.

So the same things that were recommended years ago. If you don't care enough about security to do basic things, like ensure that your software is up-to-date, why should anyone feel sorry for you when things go wrong? And they will go wrong. Oh, that's right. The people with no clue include folks running "critical infrastructure." They should be fired, or fined, or both. "Failure to manage" used to be a thing, when I was subject to audits.
