CEO's Blog

How Ransomware Works? What is the purpose of Board of Directors Chairs in ransomware cyberattacks incidents planning?

Biggest Mistakes 🔥 Board of Director Chairs 🔥 Make with Ransomware, Supply Chains, Chinese Data Laws


How does Ransomware work? Mistakes Board of Directors make with Ransomware

Hi, this is Yusuf,

I want to continue my conversation with the Chairman of the Board on ransomware and the new Chinese privacy laws.

One of the biggest mistakes that I see is lack of preparation. It sounds strange, but yes, lack of preparation. They have good (cyber) incident plans; some of it is documented, some of it is not documented. As Audit Committee Chairs, when things have been ransomed, the question of whether we pay or not pay is really not the primary concern. As a board director, your fiduciary duty is to make sure the enterprise is working on behalf of the shareholders, so if that means you have to pay, then you have to pay.

The problem that I see is a lack of preparation.

 

Do we have crypto accounts to pay the Ransomware in?

Can we pay them in crypto accounts?

Do we have (Crypto) bank accounts?

Can we come up with a large sum of $15 to $50 million in crypto in a short span of time?

 

After paying it and getting the company back in hand from the hackers, is it really the postmortem?

Who’s communicating to the public?

Is it a CEO or is it the Chairman of the board?

How are the board and the Audit Committee involved in forensic analysis, with the outside consultants who are getting involved?

And how many reports do you need? I’ve seen and recommended the Audit Committee Chair and the board members actively participating in some of those sessions. Now, the more layers you have, the more complicated it gets.

When I say more layers, I mean the CIO, the CISO, the CEO, the legal counsel. These are important people, but the more people you involve (each adds a layer of red tape), the more complicated it gets. I think you need to streamline certain visibility to such information.

Now, regarding the Chinese laws: these are the hardest privacy laws ever passed, modeled after the European Union GDPR. The Chinese privacy laws that got passed a week ago are going to be enacted November 1st.

Any company operating in China has to be very careful about Chinese citizens' information: artificial intelligence, facial recognition. There are going to be big alerts. This came about because I was having this conversation really from after Equifax, and the Chinese were blamed for it, the largest hacking, but software patches, so it gets complicated, but there are possibilities. And now, even with supply chain ransomware, you have to talk about your vendors: the third-party and fourth-party vendors that you have to be involved with.

Contact me and we can collaborate together!
