Ransomware Quiz - Part 2

Implement an automated patch management system to regularly update all systems.

Perform manual patching of critical systems every six months.

Apply patches only when a vulnerability has been identified in the bank's environment.

Disable automatic updates to avoid potential disruptions to banking services.

Conduct regular ransomware tabletop exercises to test and improve the incident response plan.

Review the incident response plan annually and update it based on recent threats.

Assign a dedicated response team to handle all cybersecurity incidents without additional testing.

Focus on preventing ransomware entirely to avoid the need for response testing.

Implement multi-factor authentication (MFA) for all critical systems.

Require employees to change their passwords every 90 days.

Restrict access to critical systems based on seniority.

Assign shared accounts for teams working on sensitive systems.

Establish clear escalation protocols and designate a single point of contact for incident reporting.

Require all employees to report suspicious activities directly to the CEO.

Wait until the full scope of an incident is understood before escalating it.

Report incidents only after containment is complete to avoid unnecessary alarm.

Perform regular security audits and assessments of all third-party vendors.

Require vendors to self-certify compliance with cybersecurity policies.

Limit vendor access to the network only during business hours.

Avoid working with vendors who require access to sensitive systems.

Subscribe to a threat intelligence service to receive updates on emerging ransomware threats and Indicators of Compromise (IoCs).

Rely on publicly available cybersecurity alerts to monitor potential ransomware threats.

Regularly scan news websites for information about recent ransomware trends.

Avoid external threat intelligence services and rely solely on internal monitoring.

Verify all users and devices, regardless of their location, before granting access to resources.

Automatically trust employees using corporate devices on the internal network.

Grant network access to trusted partners and vendors without additional authentication.

Use static rules to control access based on IP addresses and geographic locations.

Enable automated threat containment to isolate affected systems as soon as malicious activity is detected.

Automate all decisions during an incident to reduce response times.

Use automation only for generating reports after an incident is resolved.

Avoid automation, as it could lead to false positives and disrupt operations.

Require vendors to adhere to the bank's cybersecurity standards and conduct regular audits.

Limit vendor access to systems critical to the bank's operations.

Assume that established vendors already have adequate cybersecurity controls in place.

Prohibit vendors from using cloud services for operations involving the bank.

Establish a dedicated cybersecurity committee to oversee security policies and incident response plans.

Assign the IT department sole responsibility for cybersecurity governance.

Review cybersecurity policies only after a significant incident occurs.

Delegate cybersecurity governance to external consultants.