cyber_wonk

Should we ban ransomware payments? Alternatively, should we just ban coverage of ransom payments in insurance policies?

It's often said that if organisations could just 'do the basics' (close RDP, MFA, patch etc.) it would make a big difference towards mitigating ransomware. Why do organisations find it so hard to do the basics and do we need to lower our expectations of what's possible?