David Stubley: CEOs and boards of directors should be asking CISO and internal information security team to ensure they don’t suffer the same fate. Stubley says organizations should review recent high-profile attacks to see if they run the same technology as the targeted organizations and ask if attackers did breach their organization, could they access sensitive, unencrypted data. He discusses the importance of ascertaining as quickly as possible how attackers infiltrated an organization; how ransomware is often the last phase of a longer intrusion; how attackers are re-infecting organizations that pay ransoms to demand further payoffs.”]
Source: https://www.cuinfosecurity.com/ransomware-school-learn-lessons-from-how-others-fail-a-10428