Ransomware Prevention: Who Should Be Responsible? | State of Cybersecurity
Make sure you have capable cybersecurity professionals … if you don’t have the internal resources to do so, you should hire a capable consulting company advises Strive’s VP of Cybersecurity & Compliance, Dominick Birolin, CISSP, CISA.
In my experience throughout the utility industry, that varies with the emergence of Operational Technology or Industrial Control Systems Process IP, there’s a kind of mixed bag of what you’ll find throughout the utility and hierarchies and who reports to who.
Sometimes the operations reports to the COO, whereas IT Networks report up to the CISO or CIO. It doesn’t really matter the hierarchy, you just need to make sure that you have capable cybersecurity professionals and that you have a leadership that understands the risks and is committed to mitigating the threat.
If a company is unsure or they don’t have internal resources to do so, they should hire a capable consulting company or third party to validate with a Ransomware Readiness Assessment.