ONG-ISAC Tech Talk: “Off Network Ransomware – A Quantitative Risk Assessment Example”

Presentation Abstract:

The pandemic caused an almost instant switch from working in an office to working remotely at home. Pundits seem to agree universally that working from home is far riskier than working at the office. But is this “fact” really true? This presentation provided an overview of qualitative and quantitative risk assessment (QRA) and Factor Analysis of Information Risk (FAIR) before walking through a QRA example that looked at ransomware on devices on and off the network. The conclusion was interesting: the incidence of attack is higher outside the network than inside (as one would expect), but if the compromised machine stays off the network, the incident magnitude is actually less than that of an internal infection, because no other corporate machines are on the person’s home network.

Speaker: ONG-ISAC Member