Hurricane Prep 101: How to Protect Your Data and Devices

When preparing for a hurricane, most of us think about securing our homes, gathering emergency supplies, and planning evacuation routes. But backing up your data and staying vigilant of scams after the storm are also crucial in planning. Below is your need-to-know guide to keeping your information safe as a storm approaches.

1. Back Up Important Data

Cloud Backups: Don’t let the storm take your valuable files with it. Use services like Google Drive, Dropbox, or OneDrive to back up essential documents, photos, and files. These platforms ensure that your data is stored securely offsite, safe from any physical damage to your devices.

External Hard Drives: Consider having a local backup. An encrypted external hard drive, stored in a waterproof container, is a great way to have a quick recovery option at hand if your cloud access is disrupted.

2. Use Battery Backup for Electronics

Uninterruptible Power Supplies (UPS): Power outages are almost guaranteed during a hurricane. To prevent sudden shutdowns and data loss, a UPS can keep your systems running just long enough to safely save your work and shut down your devices.

Backup Power Solutions: Portable power banks or generators can keep essential devices running for hours, or even days, if the power goes out.

3. Secure Devices and Networks

Update Software: Make sure all your devices—computers, smartphones, tablets—are running the latest security updates. These patches protect you from known vulnerabilities, especially in the chaos of a hurricane.

Enable Encryption: If your devices are lost, stolen, or damaged, encrypted data ensures that your information cannot be accessed without authorization.

4. Enable Multi-Factor Authentication (MFA)

Activate MFA: This extra layer of security can be the difference between keeping your accounts safe and exposing them. Even if a device is stolen, MFA ensures only you can access sensitive information.

5. Prepare for Offline Access

Download Critical Information: Have important documents, contact lists, and emergency information downloaded onto your device so that you can access them without an internet connection.

Offline Passwords: Many password managers offer offline access. Alternatively, consider keeping a physical list of crucial passwords, stored securely.

6. Plan for Communication Disruptions

Backup Internet Solutions: Mobile hotspots, satellite phones, or even pre-purchased data plans can keep you connected to loved ones, your workplace, or emergency services if power lines and Wi-Fi networks are down.

VPNs for Remote Work: If you plan to work remotely during the storm, double-check that your VPN is operational, and you can connect securely to your company’s network.

7. Be Wary of Cyber Scams Post-Storm

Phishing Attacks: In the aftermath of a hurricane, opportunistic scammers often send fake emails pretending to be from disaster relief agencies or charities. Be cautious about unsolicited requests for personal information.

Charity Scams: Make sure your donations go to legitimate organizations by checking that the charity is verified.

8. Secure Physical Devices

Waterproofing: Protect your physical devices, including laptops, hard drives, and other electronics, by sealing them in waterproof containers or bags.

Offsite Storage: If possible, store your most valuable tech equipment in a safer location out of the storm’s path.

9. Create a Cyber Response Plan

Critical Contact List: Have the numbers of your IT team, managed service provider, or relevant tech support ready. Post-storm recovery may require immediate assistance to mitigate damage.

Incident Response Plan: Ensure your organization has a solid plan for recovering data and restoring operations in the event of a system compromise.

10. Stay Updated with Alerts

Set Up Alerts: Sign up for notifications from trusted organizations like the National Weather Service (NWS) and the Cybersecurity and Infrastructure Security Agency (CISA). These alerts can provide real-time updates on both weather patterns and emerging cybersecurity threats.

It’s important to remember that cybercriminals will use catastrophic events to prey on victims’ emotions. Stay vigilant but most importantly stay safe.

OnDefend welcomes Aaron Rosenmund as Senior Director of Programs and Tradecraft.

With a passion for redefining cybersecurity strategy and prevention, Aaron brings extensive expertise in red teaming, threat emulation, and security testing.

In addition to his role as Senior Director of Programs and Tradecraft, Aaron will serve as the Program Director for the Independent Security Inspector program with TikTok USDS. He will lead teams to ensure the effectiveness of security measures for TikTok USDS, while driving innovation and implementing his strategic vision across OnDefend’s services and product offerings.

Learn a little more about Aaron and the expertise he brings in this one-on-one interview:

Q: What is your role at OnDefend?

In my role as Program Director, I’ll be working with the Independent Security Inspector team to ensure that TikTok USDS—formerly Project Texas— successfully separate U.S. data and the behavior of the U.S. application for all U.S. citizens from the ability for ByteDance, the owning company, to be able to manipulate it or have access to it. This is critical work, especially in today’s climate where privacy concerns are front and center.

What excites me is that we’re not just taking things at face value. We’re testing to ensure every control is functioning the way it should, providing confidence that U.S. data is protected.

Outside of that, my goal as Senior Director of Programs and Tradecraft is to help OnDefend focus on real-world cybersecurity testing. We have compliance, but we need to go beyond it. We need to test these systems in-depth and find the flaws before the bad guys do.

Q: How did you get started in cybersecurity?

It’s not the typical “I grew up coding” story. I actually started in construction, working with concrete grinders, but I realized that wasn’t for me. I invented robotics to automate those machines, and that’s how I fell in love with technology. From there, I joined the National Guard, where I focused on securing air operations systems.

After 9/11, protecting airspace became a top priority, and I helped build secure systems for that mission. The hands-on experience with automation and security sparked my interest in cybersecurity full-time.

Q: Can you walk us through some career highlights?

One of my proudest projects was creating mission defense teams for the Air Force. We were building secure systems, and I realized no one was testing them—no one was seeing if the protections we put in place were actually working.

I started emulating attackers, and that was when I knew this was where I wanted to focus my career.

More recently, at RSA, I presented research on using command and control that bypasses detection entirely. We figured out how to send data within packets, modulating information in a way that no existing defenses could detect. It was a game-changer and is something I’m still excited to be working on.

Q: What excites you most about joining OnDefend?

First and foremost, the people. I first met co-founder Ben Finke at a local B-Sides conference, and we hit it off because of our shared passion for giving back to the cybersecurity community.

What also drew me in is OnDefend’s mission of testing and validating security controls rather than just relying on compliance checkboxes.

That curiosity only grew when I learned about Blindspot, OnDefend breach and attack simulation solution which is doing exactly what I’ve been advocating for—simulating real-world attacks, identifying vulnerabilities in real time, and giving teams essentially ‘the answers to the test’ to fix these problems before they’re exploited.

We don’t just want to meet compliance standards; we want to ensure real-world defenses are in place and constantly working, a core message in OnDefend’s mission.

Q: Is there a project or accomplishment you’re particularly proud of?

There’s one project that stands out: my first RSA presentation. I demonstrated side-channel attacks using mechanical waves—essentially using a computer’s fan to transmit data.

It was like performing a magic trick on stage, and it worked flawlessly.

The audience was blown away by how we could exploit something as simple as a fan’s noise to leak sensitive information.

I took this 20-year-old computer with a graphics card in it and then I brought an Xbox Kinect, like one of the old school ones with the microphone array.

I set them up 30 feet apart from each other and then walked through how you would compromise a device like that and be able to, without having even administrative control, transmit data by changing the speed of the fan.

We had the whole room quiet.

I had them give me a phrase, and then we ran the code live and the fan’s just kind of going on and off and then that transmitted back to information that you could collect.

There’s no feeling quite like taking your own research and presenting it in a way that the whole room was amazed like I was doing this ‘magic trick’ when really it was just cybersecurity.

Q: What’s something people should know about you?

I’m still serving in the Air National Guard as a cyber warfare officer, contributing to offensive cybersecurity operations. It’s important for me to give back to the military and the country. The skills and experience I’ve gained on the civilian side directly help improve our national defense capabilities. There’s a real sense of duty in being part of something bigger.

Q: Where do you hope to see the state of cybersecurity in five years?

I’d love to see a shift where we prioritize real technical skills over just compliance. If we can test security controls every day and fix them in real-time, that’s where we need to be as an industry. Right now, there’s too much focus on checking boxes, and not enough on verifying that the systems are truly secure.

Q: Looking ahead, what would you like your legacy at OnDefend to be?

On the ISI side, I want to help build a team that can elevate their knowledge and capabilities above the attackers we’re emulating. It’s about outsmarting the threat actors.

I’m also focused on amplifying OnDefend’s approach at proactively validating security program. If we can inject that mindset of testing and validation into organizations, we’ll not only protect our clients but change the industry’s approach to staying secure.

Explore how OnDefend is reimagining security programs and going beyond compliance with experts like Aaron Rosenmund, bringing advanced threat emulation and real-world testing to protect organizations around the globe.

About OnDefend

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit http://www.ondefend.com/

OnDefend Media Contact:

Lauren Verno, Media@ondefend.com

904-299-3669

Former Department of Defense, Booz Allen & EY executive Wayne Loveless joins OnDefend as Managing Director of Strategic Services and Associate Program Director of the Independent Security Inspector program for TikTok USDS.

Wayne Loveless is a globally recognized cybersecurity engineer, strategist, and leader with more than 25 years of industry experience across the Government and Public Sector, Defense, Energy, Oil and Gas and Healthcare industries.

He has led and supported teams in the development of National Cybersecurity Strategies, development and implementation of large-scale enterprise cybersecurity programs, research and development, and cybersecurity engineering in government and private industry.

Interview with Wayne Loveless:

Q: What is your role at OnDefend?

” I get the exciting opportunity to support in the delivery of a key strategic project with the ISI team focusing on TikTok USDS security testing. This allows me to bring my global experience in delivering large scale cybersecurity programs in support of the overall objectives of the project, work in developing human capital, and drive high performing teams.

Additionally, I have another role in my capacity of Managing Director of Strategic Services, where I am working with the OnDefend Leadership to expand into new markets, industries, and geographies. Whether with core consulting services or new partnerships for OnDefend’s unique software and services, I get the opportunity to help supercharge the growth of services and clients on a global scale.”

Q: How did you get into cybersecurity?

” I started my career in cybersecurity as an active-duty U.S. Military member serving in both the United States Marines and the US Army. Following my nearly decade of service, I transitioned into supporting the US Department of Defense as a Cybersecurity Analyst with the DISA Field Security Office and the rest was history.”

Q: You have had quite an extensive career, tell me some highlight roles?

“As a consultant with leading companies such as Booz Allen Hamilton and Deloitte, I led strategic cybersecurity programs and security-oriented services with the DOD, US Navy, NSA, DOE, USMC, US Treasury Department, and the Department of Justice. Following my extensive government work, I moved to the Middle East where I led teams across the region in supporting cybersecurity programs in the Oil and Gas, Financial Services, and Government and Public sectors.

With Booz Allen Hamilton, I led the International Cybersecurity practice based out of Abu Dhabi, UAE and supported and led the development and implementation of National Cybersecurity Strategies, development of national cybersecurity agencies and capabilities, the development of national cybersecurity standards, and the design and implementation of cybersecurity detection and response capabilities at a national level. I joined EY MENA as a senior Partner leading the Government and Public Sector Cybersecurity Practice for the Africa, India, and Middle East region.”

In addition to working for major corporations and government agencies, I’ve had the opportunity to create numerous startups, functioned as a Global CISO and vCISO, and supported various entities as a Strategic Cybersecurity Executive Advisor. Which has led to some passion projects of mine, including being a contributor, published author, speaker, and sought out subject matter expert in the fields of cybersecurity and digital transformation.”

Q: Are there any projects you’ve worked on that stood out from the rest?

“One project I am most proud of was the development of a national cybersecurity strategy for a G20 country that established a new cybersecurity authority and regulatory scope across the public and private sector. Reporting directly to the head of state, the authority has grown to employ thousands of people in the cybersecurity field, creating new opportunities, particularly for women in the cybersecurity field as a very underrepresented group within the domain. The strategy and agency moved the country from the bottom of rankings for cybersecurity globally to one of the top 10 countries within three years, driving billions of dollars in investment and growth across the industry.”

Q: What are you most excited for in joining the OnDefend team?

” I have a passion for growth and taking on new challenges. Growing a small business and scaling new capabilities is a lifelong motivation. With OnDefend I have a unique opportunity to open new doors, expand service offerings, and bring new and exciting opportunities with a broad range of clients in international organizations and the Federal Government. This in turn helps grow not only the OnDefend portfolio of clients and cyber experts, but also the broader Jacksonville profile as an emerging cybersecurity hub in the southeast region.”

Explore OnDefend’s array of professional services, spanning from network penetration testing to tabletop exercises, and see firsthand how the OnDefend team can invigorate your security program.

About OnDefend

OnDefend Media Contact:

Lauren Verno, Vice President of Communications & Marketing

Media@ondefend.com

904-299-3669

AT&T Data Breach: What You Need to Know

OnDefend CEO Chris Freedman discusses the AT&T data breach with WJXT News4Jax.

You can watch the full interview here:

The Breach Details: The breach, which primarily involved data from 2022, impacted AT&T’s cellular customers, customers of mobile virtual network operators using AT&T’s wireless network, and landline customers who interacted with those cellular numbers. In total, approximately 109 million customer accounts were affected. AT&T has confirmed that the compromised data does not include the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information.

Nature of the Compromised Data: Although the data does not contain sensitive personal information or detailed usage specifics like call timestamps or customer names, there is a potential risk. AT&T acknowledged that publicly available online tools might be used to find names associated with specific telephone numbers.

Ransom Payment: In an unusual turn of events, AT&T reportedly paid a hacker over $370,000 to delete the stolen customer data. However, there is uncertainty about whether the payment went to the actual perpetrators of the breach.

OnDefend helps companies prepare for and defense against real-world threat. Click here to learn more about our Ransomware Defense Validation service which tests your defenses in depth against ransomware.

Story Originally aired on News4Jax: Data of nearly all AT&T customers downloaded from a third-party platform in security breach (news4jax.com)

TikTok U.S. Data Security Names Independent Security Inspectors as Part of Digital Integrity and Compliance Journey

Company announces new partnership with HaystackID and OnDefend to further security of the TikTok U.S. platform and app

CHICAGO and JACKSONVILLE, Fla. (June 26, 2024) – Today, TikTok U.S. Data Security Inc. (USDS) is further enhancing the security of TikTok users’ data and protection against cybersecurity threats by appointing HaystackID and OnDefend to serve as Independent Security Inspectors (ISIs) for USDS.

This new collaboration builds on TikTok USDS’ ongoing partnership with Oracle. In May 2022, TikTok created a new organization called TikTok U.S. Data Security (TikTok USDS) as part of its ongoing Project Texas Plan. This special purpose subsidiary is staffed by U.S.-based employees (with some exceptions in the U.K. and Australia to provide global coverage). USDS controls access to protected U.S. user data, content recommendation, and moderation systems in the secure Oracle Cloud. This structure brings heightened focus and governance to TikTok’s operations in the U.S. including data protection policies and content assurance protocols to keep U.S. users and their data safe and ensure users have an authentic experience on TikTok.

Expanding on this established focus, HaystackID and OnDefend with additional support from Mandiant Consulting will serve as the Independent Security Inspectors for USDS. This collaboration is designed to ensure the security and integrity of the TikTok app, its source code, user information, and the U.S. platform as a whole, highlighting TikTok USDS’s commitment to meeting stringent cybersecurity standards.

HaystackID is a specialized data services company solving business data challenges related to legal, compliance, regulatory, and cyber events. OnDefend is a trusted cybersecurity service provider helping organizations prepare for and defend against real-world threats. Mandiant Consulting is recognized by enterprises, governments, and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cybersecurity.

The ISIs will identify potential security risks to U.S. users through technical security testing and validation of the TikTok U.S. platform. This will be a continuous initiative, not a point in time assessment, as TikTok’s ability to deliver a seamless experience to its users is achieved through a sophisticated architecture involving hundreds of thousands of microservices.

“Through Project Texas, TikTok USDS is already well ahead of any peer companies in terms of how we secure users’ data and by providing unparalleled transparency by making our source code available to a third-party for review,” said Andy Bonillo, Head of TikTok-U.S. Data Security. “Keeping our users’ data safe involves constantly innovating and looking around corners for new threats. The partnership we’re announcing today will further our ability to anticipate and prevent emerging and sophisticated cybersecurity threats.”

“Supporting TikTok USDS in their critical mission to safeguard digital security marks a consequential affirmation of our efforts to enhance the cybersecurity standards and data protection efforts of our clients,” said Hal Brooks, CEO of HaystackID. “Our role as Independent Security Inspector is to provide comprehensive support in reinforcing TikTok USDS’s initiatives to maintain the highest levels of digital integrity. We are excited about the opportunity and look forward to contributing to this initiative with national security implications.”

Chris Freedman, CEO of OnDefend, discussed the proactive strategy implemented in this collaboration: “Our advanced security testing team, in conjunction with our proprietary Breach and Attack Simulation platform, BlindSPOT, will play a crucial role in identifying and addressing vulnerabilities within the TikTok application and network infrastructure. Moreover, our rigorous application and network penetration testing standards aim to ensure that the platform’s security strictly complies with national and global cybersecurity standards, identifying potential vulnerabilities while reinforcing trust and safety in the digital ecosystem.”

Price McDonald, Senior Manager, Mandiant Consulting added, “In this effort, our team is focused on providing security assessment services. Continuous penetration testing enables organizations to proactively manage their cyber risk in a rapidly changing threat landscape. This provides a number of benefits including early vulnerability detection, a reduced attack surface, and improved efficiency in responding to threats.”

Shawn Belovich, Senior Vice President of Digital Forensics and Cyber Incident Response at HaystackID and former Deputy Chief Information Security Officer at the White House, addressed the initiative’s alignment with national security priorities. “In my previous role at the White House, I had the opportunity to gain a comprehensive understanding of the intricacies of national security and data protection. I look forward to leveraging this experience. We are intensely focused on ensuring TikTok USDS’s infrastructure is not only secure but also in strict adherence to the heightened standards of cybersecurity and national security compliance directives.”

Read the release on the Tik Tok Newsroom

###

About HaystackID®

HaystackID solves complex data challenges related to legal, compliance, regulatory, and cyber events. Core offerings include Global Advisory, Data Discovery Intelligence, HaystackID Core® Platform, and AI-enhanced Global Managed Review powered by its proprietary platform, ReviewRight®. Repeatedly recognized as one of the world’s most trusted legal industry providers by prestigious publishers such as Chambers, Gartner, IDC, and Legaltech News, HaystackID implements innovative cyber discovery, enterprise solutions, and legal and compliance offerings to leading companies and legal practices around the world. HaystackID offers highly curated and customized offerings while prioritizing security, privacy, and integrity. For more information about how HaystackID can help solve unique legal enterprise needs, please visit HaystackID.com.

About OnDefend

—

OnDefend Media Contact:

Lauren Verno

Media@ondefend.com

904-299-3669

Haystack ID Media Contacts:

Carolyn Depko

carolyn@plat4orm.com

908-565-3709

Rob Robinson

pr@haystackid.com

512-934-7531

There’s been no shortage of headlines involving ransomware over the last few months.

Let’s dive into your ransomware roundup with OnDefend.

Behind the Scenes with a CISO: James Case, Baptist Health.

It’s only May, and we may have already witnessed the fallout from the biggest ransomware attack of the year. Change Healthcare is still grappling with significant challenges post-February’s breach. How does this impact other security leaders? We sat down with a CISO to gain an insider’s perspective and insights on the ransomware landscape.

Watch the Full Interview Here

OnDefend in the News

In this article for Forbes, OnDefend CTO Ben Finke breaks down five steps every organization should implement to prepare for an attack. They’re not necessarily difficult, but they are imperative for success.

Read: How To Prepare For A Ransomware Attack

—

What does negotiating with a ransomware criminal look like? OnDefend COO, Billy Steeghs, sat down with WJXT News4Jax for an in-depth discussion about “Cracking the code on negotiating with a cyber extortionist.”

Watch: Cracking the code on negotiating with a cyber extortionist

Customer Success

BlindSPOT simulates ransomware on hospital system to validate security controls.

Learn how this enterprise hospital system utilizes Ransomware Defense Validation powered by BlindSPOT, a breach and attack simulation solution to prove security controls are working effectively so hospitals can focus on what matter most: patient care.

Read Here: BlindSPOT Customer Success: Ransomware & Healthcare

Ransomware Defense Validation

A solution designed to test your defenses in depth.

A cyber pandemic.
Can you remember the last time you didn’t see a ransomware attack in the news? There is no industry these cybercriminals won’t attack.

While there’s no way to get rid of all the bad guys, the goal is to know you’ve done everything you can to protect your organization. At OnDefend, we’ve made your mission our mission.

Ransomware Defense Validation.

BlindSPOT Updates

Make sure you’re staying up to date on all of the new features released with the BlindSPOT newsletter.

What you may have missed: BlindSPOT Newsletter: April 2024

Alert Validation is live
Updated campaigns page
BDO Digital integrates BlindSPOT into security service

—

About OnDefend:

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, contact us.

Negotiating with a ransomware criminal.

The News4JAX I-TEAM is finding out what it’s like at the virtual negotiation table, going behind the curtain of the process with Billy Steeghs, Chief Operating Officer of OnDefend.

Originally Aired On: News4Jax

OnDefend enables companies to reduce risk against ransomware by testing and validating controls against the real-world strains. Discover how OnDefend empowered by BlindSPOT’s attack capabilities are supporting security programs through Ransomware Defense Validation.

Discover if your environment is prepared for a ransomware attack with OnDefend’s comprehensive Ransomware Defense Validation service. This multi-level assurance offering supports security leaders in reducing risk by simulating real-world ransomware threats to validate your security measures.

Learn More About Ransomware Defense Validation.

Ascension St. Vincent health system has temporarily halted some elective procedures, including tests and appointments, as they delve into a cybersecurity concern. Following the detection of unusual network activity yesterday, hospital officials are probing the incident and assessing the potential compromise of patient data.

Chris Freedman, CEO of OnDefend, sheds light on why hospitals remain a prime target for cybercriminals in an interview with Action News Jax.

You can watch the full interview here:

Story Originally aired on: Action News Jax. For more details, visit: https://www.actionnewsjax.com/news/local/ascension-cyberattack/3f21a506-bd2d-4cf2-8cd6-13443409e63e/

Welcome to our new series from OnDefend, where we delve into some of the most critical cybersecurity headlines.

We’re breaking down the Blackcat ransomware gang’s attack on Optum, the operator of the Change Healthcare platform.

OnDefend’s VP of Communications Lauren Verno sits down with James Case, CISO of Baptist Health Jacksonville, to get his insider perspective.

The Ransomware Attack:

The CEO of UnitedHealth Group, the parent company of Change Healthcare, Andrew Witty testified in front of a congressional committee on Wednesday, May 1st, 2024, about the details behind the February attack by the #BlackCat #ransomware gang. The hackers gained initial access through stolen credentials used on a Citrix portal that did not have multi-factor authentication enabled. It was revealed the threat actor used these compromised credentials to remotely access the company’s system for nine days before deploying the ransomware. During that time, the cybercriminals stole files containing sensitive patient information, including Protected Health Information (PHI) and Personally Identifiable Information (PII) of most Americans. Witty told Congress he took sole responsibility for the decision to pay the ransom, saying, ‘This was one of the hardest decisions I’ve ever had to make, and I wouldn’t wish it on anyone.’

Watch the Full Interview Here

Interview with James Case, Baptist Health Chief Information Security Officer (CISO):

Lauren: What goes through your head as a healthcare leader when you see an attack like this?

James Case: The entire healthcare industry is impacted. It’s a giant third party that affects thousands of companies and hospitals. There are backend processes that, if taken offline, prevent hospitals from accessing essential services like payment processing or authorizations. So, there’s a huge ongoing impact from that one company that was impacted, affecting the entire nation.

Lauren: Does that automatically spur a change in your own security program when something like this happens?

James Case: It’s a reminder—it’s third party risk—so maybe in our tabletops, it’s a reminder or feeds back into our feedback loop on scenarios to really tabletop. So, really tabletopping third party risk that we should all do more and more.

Lauren: Practice, practice, practice.

James Case: Practice and then find ways to improve, so it’s really both. And then education, right? It’s all the above.

Lauren: When you go into your security program and you talk to your people, what are you saying to them specifically about ransomware and what you guys should be doing without going into any specifics obviously.

James Case: Definitely prevention, but what we’ve learned over the last decade is that we also have to detect and respond, so we have to practice those. Practice finding things like tabletops, really practice responding, so we can move quicker, have muscle memory.

Lauren: Let’s talk about Ransomware and healthcare, they just go hand and hand at this point?

James Case: It’s the number one risk for most hospitals.

Lauren: It’s more impacting than people think, in what way?

James Case: The hospital itself, patients know their charts are gone so people are going back to paper and now that we’re in 2024, the whole phrase going back to paper is getting less and less real. Now we have more doctors and folks that have never used paper, so they’re going to paper for the first time, they’re going to downtime procedures. So, we can practice for it and drill for it but when you’re really doing patient care it’s different.

Lauren: What would you say is the number one concern when it comes to a ransomware threat?

James Case: Easy answer there, absolutely is the patient care.

Lauren: Why ransomware, why healthcare?

James Case: The answer is pretty easy there, it’s about the money. Healthcare is a pretty easy target and also healthcare is kind of behind. Like the financial sector is years ahead from a controls perspective and a regulatory perspective and way more financial resources. Going back to hospitals trying to break even or trying to make a 1% margin just to stay afloat, well then there’s not money to add to the budget and add more controls and add more technology to stop the attackers. So, it’s a tough balance.

Lauren: Overall, do you think we’ll ever beat out the bad guys?

James Case: There’s no answer to that, right? It’s always going to be cat and mouse. Just like there’s no way to eliminate all risk, there’s probably no way to eliminate all bad guys. All you can do is find risk and reduce it and hope that you’re not the next person.

Ransomware Defense Validation

Reduce risk by testing and validating controls against real-world ransomware threats, discover how OnDefend empowered by BlindSPOT’s attack capabilities are supporting security programs through Ransomware Defense Validation.

Get Started

OnDefend named the 37th fastest growing Gator business globally in 2024 by the University of Florida Alumni Association’s prestigious Gator100 program.

This recognition celebrates the achievements of alumni-led businesses worldwide and underscores the significant contributions of Gators in various industries.

Gator Leadership Driving Growth

Our remarkable journey of growth and innovation is in part due to OnDefend Co-Founder & CEO, Chris Freedman, a proud alumnus of the University of Florida with a BS degree from the class of 2001. Under Chris’s visionary leadership in partnership with co-founders Ben Finke & Billy Steeghs, OnDefend has surged forward in the highly competitive IT services industry, continuously expanding our reach and enhancing our offerings to meet the evolving needs of our clients.

About the Gator100

The Gator100 program annually acknowledges and honors the 100 fastest-growing Gator-owned or Gator-led businesses around the world. The selection criteria focus on sustained growth over a three-year period, making this recognition a testament to persistent excellence and performance.

Our Industry Impact

Operating from Jacksonville, FL, our focus has been on pioneering solutions that address complex challenges in cybersecurity. Our approach has not only fueled our growth but also positioned us as leaders within the tech community, propelling our company to the forefront of innovation.

A Word from Our CEO, Chris Freedman

“I am immensely proud of our team’s hard work and dedication. Being recognized as the 37th fastest growing Gator business is not just a reflection of our company’s success but also a testament to the robust foundation provided by the University of Florida. This honor reinforces our commitment to strive for excellence and to continue pushing the boundaries in securing our world against threats.”

This announcement is a proud moment for everyone associated with our company, and we look forward to building on this success with continued passion and perseverance.