Steve gave his OK, then the expedited approval process and monitored upper management for any red flags that might be raised.
Ready and Waiting
Approvals in hand, we informed our helpdesk staffers to prepare them for the inevitable onslaught of user calls. We sent out an e-mail message to tell all employees about the change, in layman's terms. And we updated our written security policies to reflect the new blocking policy.
Some of our users weren't exactly thrilled about the change. Our legal department, for example, receives most of its e-mail attachments in the password-protected archive file format, so those users suddenly found most of their files blocked. But once they understood the new policy and the reasons behind it, our users got into the habit of calling the helpdesk to retrieve valid files that were flagged and quarantined.
This latest attack was no picnic, but it did teach us several valuable lessons. First, don't expect systems, such as gateways and antivirus software, to catch every problem--they won't. Second, be willing to make policy changes on the fly--but only after assessing the potential impact on your users and your business. Third, empower your people to act swiftly in an emergency.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
