Chapter 4 update
Copy of The Ongoing Threat of Ransomware on Small to Medium-Sized
Businesses
SurveyMonkey
1 / 36
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
We provide technologies by McAfee and user awareness.
How would you describe your organization’s preparedness to curb ransomware?
Use awareness on red flags like blindly opening up emails and clicking links.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Ensuring that users are not only educated but are using what they learned. Also ensuring that vendors have the right type of technology to look for the latest ransomware.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Automated and scrubbed by Splunk.
What are the weaknesses of your systems in detecting network
intrusion?
Definitions and bandwidth capacity
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
7 out of 10
#1 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Tuesday, August 30, 2022 8:11:16 PM
Last Modified: Tuesday, August 30, 2022 8:25:39 PM
Time Spent: 00:14:22
IP Address: 166.205.147.141
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
Very aggressive
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Virus definition update failure. Always check to make sure it applied.
What are the inadequacies of your organization’s recovery
plans?
Mostly it would be the down time to recover.
What measures is the firm considering to prohibit the future
attacks?
Have the right security team in place and also user education.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Yearly mandatory training
How would you describe your organization’s preparedness to curb ransomware?
Periodically send emails that could potentially lead to ransomware to check the employees’ knowledge
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Email and content filters in place to catch spam, phishing, and ransomware-style emails. Using cloud-based storage so no critical information is stored directly on machines
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Event logs are monitored daily
What are the weaknesses of your systems in detecting network
intrusion?
Insider threats
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
The controls in place are effective, but with the ever-changing environment in the World of IT we struggle to keep up with the latest trends and have to make business decisions based on the financial commitments we have as a small business.
#2 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 8:27:40 AM
Last Modified: Wednesday, August 31, 2022 8:40:11 AM
Time Spent: 00:12:30
IP Address: 166.205.147.22
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
Very effective
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Haven’t had an attack
What are the inadequacies of your organization’s recovery
plans?
Insider threat where an employee moves important documents to their local machine instead of keeping them on the cloud server
What measures is the firm considering to prohibit the future attacks?
Despite not being attacked we are committed to yearly training for our employees
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
User awareness and training, backup of critical information, segregation of networks to protect sensitive information, documentation of standard operating procedures
How would you describe your organization’s preparedness to curb ransomware?
Organization's personnel are continually reminded that information security is everyone's responsibility by placing flyers in strategic locations
What are the physical, administrative and technical barriers to ransomware prevention in your organization
Lack of knowledge to properly utilize some of the tools/software necessary, financial and manpower resources are limited, necessary documentation may not exist
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
Personnel are inundated with the overwhelming number of logs that need to be checked
What are the weaknesses of your systems in detecting network intrusion?
No security devices implemented within the environment to aggregate and correlate all logs within a centralized location
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
There is no system in place that can effectively increase the efficiency of detecting malicious code
#3 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 8:04:38 PM
Last Modified: Wednesday, August 31, 2022 8:44:48 PM
Time Spent: 00:40:09
IP Address: 108.18.158.220
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
The progress to implement effective automated operations for the removal of threat has been impeded
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Documentation of policies and procedures has either been outdated or missing vital information
What are the inadequacies of your organization’s recovery plans?
The recovery plans were essentially non-existent and have to be documented and approved.
What measures is the firm considering to prohibit the future attacks?
Conduct a Security Impact Analysis to determine the extent to which a change to the information system may have affected the security posture of the system
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Only responding to encrypted messages outside of our domain/network.
How would you describe your organization’s preparedness to curb ransomware?
Highly prepared having used the DoD software for early detection.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Using unsecured websites and new employees not being equipped on what to look out for. We try and provide training to show how ransomware works and how it can affect a company.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Through the DoD systems, we are alerted of potential attacks before they actually come about. They are checked around the clock.
What are the weaknesses of your systems in detecting network intrusion?
Not being able to detect imitation or mirrored accounts that look similar to the person who is being copied.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
It’s really effective because it detects and prevents most malicious codes before they actually reach account holders by blocking them.
#4 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 8:40:09 PM
Last Modified: Wednesday, August 31, 2022 8:55:01 PM
Time Spent: 00:14:52
IP Address: 68.134.110.44
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
Always looking to improve all levels of security, we take all measures to ensure that new systems are better than what we currently have by test and trial analysis.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Have not experienced an attack yet.
What are the inadequacies of your organization’s recovery plans?
We try to keep data off of our personal work space and upload everything in the cloud to prevent any accidental loss of data.
What measures is the firm considering to prohibit the future
attacks?
Staying in alignment with the DoD software and keeping data stored in the cloud.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Internal security drills and training for employees
How would you describe your organization’s preparedness to curb ransomware?
Training for the employees to recognize potential threats
What are the physical, administrative and technical barriers to
ransomware prevention in your organization
None
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
A third-party application in real time collects this data in an organization archive
What are the weaknesses of your systems in detecting network
intrusion?
None
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
Very effective with detecting zero day vulnerabilit
#5 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 8:15:30 PM
Last Modified: Wednesday, August 31, 2022 9:13:47 PM
Time Spent: 00:58:16
IP Address: 174.216.147.23
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
Very effective as there are on-site vendors to support the applications
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
N/a no attack
What are the inadequacies of your organization’s recovery
plans?
Available resources
What measures is the firm considering to prohibit the future
attacks?
Insider threat training
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Training to make members aware of threats.
How would you describe your organization’s preparedness to curb ransomware?
An aggressive posture with recurring training and reminders.
What are the physical, administrative and technical barriers to
ransomware prevention in your organization
Barriers include firewalls, system scans, and training
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Security event logs must be timely, accurate, and relevant
What are the weaknesses of your systems in detecting network
intrusion?
Weakness can include security patches and updates not being conducted as scheduled/required.
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
Ensuring a system receives security updates can be key to an effective malicious code detection posture.
#6 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 9:53:58 PM
Last Modified: Wednesday, August 31, 2022 10:43:26 PM
Time Spent: 00:49:28
IP Address: 73.135.2.8
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
An automatic threat removal process helps to eliminate the risks associated with human effor.
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
A major weakness is not knowing the correct actions to take once an attack has occurred and ensuring the processes are followed.
What are the inadequacies of your organization’s recovery plans?
Inadequacies include location (distance) and resource limitations
What measures is the firm considering to prohibit the future attacks?
One measure that must be in place is one of appropriateness. One size does not fit all.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
We install firewalls and virus protection software
How would you describe your organization’s preparedness to curb ransomware?
Somewhat prepared but not a primary focus
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Not enough qualified personnel
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
It is very good
What are the weaknesses of your systems in detecting network
intrusion?
Not aware of any
How would you describe the effectiveness and weaknesses of
your system in detecting malicious codes?
Very good
#7 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 10:59:17 PM
Last Modified: Wednesday, August 31, 2022 11:10:06 PM
Time Spent: 00:10:48
IP Address: 71.179.28.146
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
It is the best method
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Have not had any
What are the inadequacies of your organization’s recovery
plans?
Not enough practice time
What measures is the firm considering to prohibit the future
attacks?
Better firewall protection
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
We have intrusion protection systems in place to prevent attacks from outside the network. We have AES-128 level encryption on all nodes of our network. Finally, we have file-level access control and file encryption protocols that require our TPM.
How would you describe your organization’s preparedness to curb ransomware?
We are as prepared as we can afford to be; our biggest concern is the price of the tools needed and the manpower to utilize those tools.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
We are currently at the best posture that we can afford, and we accept the residual risk to our network. Physically, we are relatively secure, but ransomware is not an overtly physical attack. Administrative and technical barriers come down to cost. We strive to keep the security of our network commensurate with the value of the data on the network. As data becomes more valuable, the need to increase expenditures to match becomes more difficult. With new available tools, you need an increase in personnel, or extensive training to utilize the tool appropriately.
#8 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, August 31, 2022 11:23:45 PM
Last Modified: Thursday, September 01, 2022 12:06:29 AM
Time Spent: 00:42:43
IP Address: 173.69.183.150
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Our intrusion protection system contains detection technology; when an intrusion is detected, a notification is sent to our network administrator. The administrator will then review the logs and decide our best course of action. Ransomware is only one attack we are vigilant about.
What are the weaknesses of your systems in detecting network intrusion?
The mechanisms we have in place are the best of class for our size of business. It is not as robust as some enterprise-level solutions, and it does not have all of the features as well. We also have limited manpower, so the weakness is we have a single point of failure in terms of if our network engineer is not available we may not be advised of an attack in a timely manner.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Our solution maintains malicious code signatures and is updated on a regular basis as soon as the tool sends new signatures. For the most part, signatures are shared by all malicious code solutions, and our tool gets updated regularly by the vendor.
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
We have our server set up to require admin access to run code. We also have our files configured to only encrypt with the server's TPM.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
One of the weaknesses identified by one of our recent tabletop exercises was that our back-up procedure was not as robust as needed to satisfy our posture. Since then we have augmented our back-up procedures to satisfy our needed posture.
What are the inadequacies of your organization’s recovery plans?
Due to the size of our company, our manpower is limited. Everyone wears multiple hats, and due to the stress of securing our network, we have chances of burnout from our team. Also, size also means we have many single points of failure.
What measures is the firm considering to prohibit the future attacks?
We provide awareness training, conduct tabletop exercises, and enhanced role-based training for incident response personnel.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Good Cyber hygiene policies.
How would you describe your organization’s preparedness to curb ransomware?
Very effective which includes employee training, recognizing insider threats and effective cyber policies.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Physical barriers are secured PIV-controlled access. Administrative: patch management, firmware updates and firewalls. Technical: cyber policies.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
This is controlled by the systems owner of each system
What are the weaknesses of your systems in detecting network intrusion?
Having multiple systems performing this operation
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Our systems are very effective using multiple vendors to detect malicious codes, enhanced cyber policies and working closely with the vendor to recognize zero day vulnerabilities
#9 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Thursday, September 01, 2022 1:03:12 AM
Last Modified: Thursday, September 01, 2022 11:45:03 AM
Time Spent: 10:41:50
IP Address: 172.58.187.79
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
This is 80 percent completed as there are false positives being worked
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Vendor inability to recognize zero day vulnerabilities
What are the inadequacies of your organization’s recovery
plans?
Getting the vendor of the application and the security application to work together
What measures is the firm considering to prohibit the future
attacks?
Implementing a cloud solution as a back up plan.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Knowledge and budget
How would you describe your organization’s preparedness to curb ransomware?
Most organizations are not prepared for this type of attack.
What are the physical, administrative and technical barriers to
ransomware prevention in your organization
Annual training and removal of USB ports from laptops.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log
checking?
Most organizations only audit after an event happens.
What are the weaknesses of your systems in detecting network
intrusion?
False-positive not being confirmed
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Very effective because we have redundant systems monitoring.
#10 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Thursday, September 01, 2022 8:11:31 PM
Last Modified: Thursday, September 01, 2022 8:29:43 PM
Time Spent: 00:18:12
IP Address: 98.117.222.239
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
Automation is always the best practice to eliminate human error.
After your previous attack, what weaknesses did you identify
regarding correcting the problem?
Misconfigured systems, human error, unpatched systems and software flaws.
What are the inadequacies of your organization’s recovery plans?
Staff wasn't properly trained, ensure systems are patched and updated regularly.
What measures is the firm considering to prohibit the future
attacks?
Back up often, consider insurance, train users
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against
ransomware?
Yearly mandatory training
How would you describe your organization’s preparedness to curb ransomware?
Organization's personnel are continually reminded that information security is everyone's responsibility by placing flyers in strategic locations
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Using unsecured websites and new employees not being equipped on what to look out for. We try and provide training to show how ransomware works and how it can affect a company
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
A third-party application in real time collects this data in an organization archive
What are the weaknesses of your systems in detecting network intrusion?
Weakness can include security patches and updates not being conducted as scheduled/required.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Very good so far
#11 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Friday, September 02, 2022 9:34:14 AM
Last Modified: Friday, September 02, 2022 9:40:12 AM
Time Spent: 00:05:57
IP Address: 73.212.207.145
Page 1: Consent Letter
Page 2: A Qualitative Study on the Impediments to the Application of Preventative, Detective, and Corrective
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the
automatic threat removal?
We have our server set up to require admin access to run code. We also have our files configured to only encrypt with the server's TPM.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Thankfully we have not had any as of yet
What are the inadequacies of your organization’s recovery plans?
Inadequacies include location (distance) and resource limitations
What measures is the firm considering to prohibit the future attacks?
Insider threat training, Staying in alignment with the DoD software and keeping data stored in the cloud.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
Consistently monitor for vulnerabilities. Regularly update systems with the appropriate security patches to ensure cybercriminals can’t take advantage of known flaws, gain access to networks, and distribute ransomware. Audit patching processes and evaluate technologies and policies that can make them more effective, leveraging automation whenever possible.
How would you describe your organization’s preparedness to curb ransomware?
We take data backups seriously. We don’t just back up data daily. Always ensure you have thoroughly tested your ability to recover systems and data in the event of an attack. Consider removing critical assets to offline cold storage. Your backups are less vulnerable to attack if they’re disconnected from the network.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
We adopted multi-factor authentication. Most ransomware gains access through the hijacking of static passwords. Enabling multi-factor authentication on accounts across the network can help you thwart attackers by requiring additional information. A phishing attack may net them a user’s credentials, but it won’t provide biometric data or the answer to a personal security question.
#12 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Friday, September 02, 2022 10:53:57 AM
Last Modified: Friday, September 02, 2022 10:58:04 AM
Time Spent: 00:04:06
IP Address: 73.212.207.145
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
We monitor file activity. Implementing FAM can provide you with real-time and historical records of all file and folder activity on your network file shares. It enables you to quarantine infected users and devices in real-time, so you can block and investigate ransomware activities.
What are the weaknesses of your systems in detecting network intrusion?
Insider Threats
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Excellent
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
It helps to process threat data to better understand their attackers, respond faster to incidents, and proactively get ahead of a threat actor's next move.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Thank God we haven’t had any of these issues as of yet
What are the inadequacies of your organization’s recovery plans?
I would have to say the resources readily available
What measures is the firm considering to prohibit the future attacks?
Provide continuous security awareness training to ensure your employees follow good cyber hygiene practices on all devices — such as strong passwords and secure Wi-Fi connections and help them detect and react to the latest phishing techniques.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
We patch aggressively so vulnerabilities are eliminated and access routes are contained. We protect endpoints with tools that can automatically detect and respond to infections.
How would you describe your organization’s preparedness to curb ransomware?
Use antivirus software at all times—and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives).
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Raising awareness about ransomware is a baseline security measure. But it could only take one employee lowering their guard for an organization to be compromised. As training sessions have little influence over staff for every potential attack, it makes added security more imperative.
#13 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Thursday, September 01, 2022 11:32:55 AM
Last Modified: Friday, September 02, 2022 1:39:49 PM
Time Spent: Over a day
IP Address: 73.172.203.82
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
Very aggressive, they are checked around the clock.
What are the weaknesses of your systems in detecting network intrusion?
At this time, I am happy to report that there are no weaknesses detected.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Excellent, and very effective because it detects and prevents most malicious codes before they actually reach account holders by blocking them.
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
An automatic threat removal process helps to eliminate the risks associated with human effort, which will minimize error.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Nothing to report at this time.
What are the inadequacies of your organization’s recovery plans?
We have several plans in place on what to do before an attack to protect our critical business systems and during an attack to ensure a rapid recovery of our business operations.
What measures is the firm considering to prohibit the future attacks?
Employees should be trained not to double-click on executables (files with a .exe extension). However, Windows hides file extensions by default, allowing a malicious executable such as “evil.doc.exe” to appear to be a Word document called “evil.doc”. Ensuring that extensions are always displayed can go a long way to countering that kind of threat.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
Not sure, this is handled by the franchise
How would you describe your organization’s preparedness to curb ransomware?
I have never really asked.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
This is all handled from the corporate leadership
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
I have never inquired.
What are the weaknesses of your systems in detecting network intrusion?
Not sure because I have never inquired
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Have never looked into it
#14 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Sunday, September 04, 2022 1:43:28 PM
Last Modified: Sunday, September 04, 2022 1:49:37 PM
Time Spent: 00:06:09
IP Address: 76.185.23.107
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
N/a
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Not aware of any previous attacks
What are the inadequacies of your organization’s recovery plans?
N/a
What measures is the firm considering to prohibit the future attacks?
N/a
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
We ensure systems are configured with security in mind, because a secure configuration setting can help limit your organization’s threat surface and close security gaps left over from default configurations.
How would you describe your organization’s preparedness to curb ransomware?
We use email filtering, because this reduces the number of potentially malicious emails coming your way
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
We preach safe surfing. Like malware in general, ransomware distribution is not limited to email. This type of infection can be spread by visiting rogue websites, downloading free software, and even connecting infected USB drives to your system.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
Our IT department monitors this 24/7.
What are the weaknesses of your systems in detecting network intrusion?
We regularly scan for weaknesses.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Excellent, and very effective because it detects and prevents most malicious codes before they actually reach account holders by blocking them.
#15 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Sunday, September 04, 2022 3:35:00 PM
Last Modified: Sunday, September 04, 2022 3:46:41 PM
Time Spent: 00:11:41
IP Address: 73.172.203.82
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
We implemented an Intrusion Detection System (IDS) which looks for malicious activity by comparing network traffic logs to signatures that detect known malicious activity. A robust IDS will update signatures often and alert your organization quickly if it detects potential malicious activity.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Not applicable at this time.
What are the inadequacies of your organization’s recovery plans?
With so many employees working remotely, it’s harder for businesses to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If an employee stores data on a local flash drive inserted into a laptop, that employee should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have copies somewhere offline.
What measures is the firm considering to prohibit the future attacks?
It is wise to consider regular testing once your network is in tip-top shape. This includes network vulnerability testing, testing backups, and testing employees—people are often the weak link in the security chain. That’s why some businesses formulate strategies for testing employees. That could include sending fake phishing emails or even hiring companies to conduct mock social engineering scams. Whatever the case, testing should be a regular part of your security strategy.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
We limit the number of files an employee can access. Employees should only be able to access data and folders based on the principle of “least privilege.” This is the concept of only giving employees enough access to perform their required jobs. Least privilege can prevent workers from accidentally deleting or corrupting files they should never have had access to in the first place. Enforcing least privilege can significantly reduce the risk caused by human error.
How would you describe your organization’s preparedness to curb ransomware?
We use a variety of antivirus software, which allows for our files to be scanned continuously.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
We are always testing our people and our systems. It is wise to consider regular testing once your network is in tip-top shape. This includes network vulnerability testing, testing backups, and testing employees—people are often the weak link in the security chain. That’s why some businesses formulate strategies for testing employees. That could include sending fake phishing emails or even hiring companies to conduct mock social engineering scams. Whatever the case, testing should be a regular part of your security strategy.
#16 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Sunday, September 04, 2022 9:45:13 PM
Last Modified: Sunday, September 04, 2022 9:47:56 PM
Time Spent: 00:02:42
IP Address: 71.121.214.190
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
Great as of now.
What are the weaknesses of your systems in detecting network intrusion?
We regularly scan for weaknesses
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
Excellent, and very effective because it detects and prevents most malicious codes before they actually reach account holders by blocking them.
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
A web application firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic to and from a web service. It's a key security element because it acts as the first line of defense against cyberattacks. As organizations execute new digital initiatives, they often expand the attack surface at the same time. New web applications and application programming interfaces (APIs) can be exposed to dangerous traffic because of web server vulnerabilities, server plugins, or other issues. A WAF helps keep these applications and the content they access secure.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
N/A
What are the inadequacies of your organization’s recovery plans?
One of the most important defenses against ransomware is to have a robust backup strategy in place that includes off-site storage and regular testing of images and other saved data to ensure their integrity.
What measures is the firm considering to prohibit the future attacks?
Organizations should also be aware of deception technology. Although it’s not a primary cybersecurity strategy, deception solutions can help protect systems if, despite all the other cybersecurity strategies you have in place, the bad actors still find a way in. With deception technology, decoys mimic the actual servers, applications, and data so that bad actors are tricked into believing they have infiltrated and gained access to the enterprise’s most important assets when in reality, they haven’t. This approach can be used to minimize damage and protect an organization’s true assets. In addition, deception technology can accelerate the average time to discover and address threats.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
Staff are limited to accessing different websites without prior approval, social media and personal email accounts. Network printers with fax capabilities are not allowed to have both functions active on the same device.
How would you describe your organization’s preparedness to curb ransomware?
Our organization is well prepared ensuring that virus scanning and decryption software is updated regularly.
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Training is provided to all staff who have access to the network to alert them on examples of ransomware and the steps they should take in the event an attack may be imminent.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
What are the weaknesses of your systems in detecting network intrusion?
Due to the amount of alerts there can be issues with investigating them timely
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
It is effective in that software is currently in place to track, prevent and detect malicious codes; however, because email is one of the methods used to introduce these codes, you are often dependent on individuals utilizing the network to pay attention and be more cautious when clicking on links and responding to emails, which are often gateways to the network.
#17 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, September 07, 2022 12:00:06 PM
Last Modified: Wednesday, September 07, 2022 4:17:37 PM
Time Spent: 04:17:30
IP Address: 71.121.214.190
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
Threats are removed more quickly, making it less likely for us to be affected by them.
After your previous attack, what weaknesses did you identify regarding correcting the problem?
We have not been attacked.
What are the inadequacies of your organization’s recovery plans?
The length of time that it takes to return to normal operations
What measures is the firm considering to prohibit the future attacks?
Implement monthly training for staff with a test that requires 80% pass rate to ensure staff are paying attention. Prohibiting the use of unencrypted flash drives and DVDs. Preventing staff from downloading software or files to their computers.
Q1
Your selection of agree means that you understand your rights listed above and agree to participate in this study.
Yes
Q2
What are the impediments for the application of ransomware-specific preventative controls by small business owners?
What preventive measures is your organization adopting against ransomware?
Awareness, Prepare and Prevent
How would you describe your organization’s preparedness to curb ransomware?
I believe we are taking the necessary steps to becoming less vulnerable for ransomware
What are the physical, administrative and technical barriers to ransomware prevention in your organization?
Making sure the systems/network are updated and patches are applied as needed.
Q3
What are the impediments for the application of ransomware-specific detective controls by small business owners?
How would you describe your organization’s security event log checking?
Around the clock event log checking helps secure our company.
What are the weaknesses of your systems in detecting network intrusion?
Most systems are vulnerable to zero-day attacks.
How would you describe the effectiveness and weaknesses of your system in detecting malicious codes?
24-hour monitoring can be effective, but systems usually look for behavioral attacks, which could be a weakness
#18 COMPLETE
Collector: Web Link 1 (Web Link)
Started: Wednesday, September 07, 2022 10:45:44 PM
Last Modified: Wednesday, September 07, 2022 11:07:27 PM
Time Spent: 00:21:43
IP Address: 184.185.75.34
Q4
What are the impediments for the application of ransomware-specific corrective controls by small business owners?
How do you define the firm’s effectiveness in adopting the automatic threat removal?
Our IRT does a good job in implementing policies and procedures in removing threats
After your previous attack, what weaknesses did you identify regarding correcting the problem?
Strengthening WAF
What are the inadequacies of your organization’s recovery plans?
N/A
What measures is the firm considering to prohibit the future attacks?
Continue to educate and make sure systems are updated