Case Study: Robert Celinszky, CEO of The Celinszky Automotive Group (CAG), a chain of 25 dealerships across four southern states, has distributed a video to all members of the organization expressing his concern about the mounting threat of ransomware on the automotive sector. Although CAG has not yet suffered an attack, the CEO perceives ransomware as an existential threat to the organization. To help address the CEO`s call to action, CAG`s Chief Information Officer (CIO) authorized the hiring of additional staff. You have just started in a new position at CAG as a Cybersecurity Vulnerability Analyst (CVA).

As you settle in for your first full week of work, your manager drops by for a chat. She tells you that the CIO put her in charge of CAG`s ransomware preparation project. Her background is in traditional IT, but she has heard about ransomware in the news. She also mentioned that a family member was recently impacted during a hospital stay in which medical staff could not access health records. She`s eager for you to get started to avoid a similar situation at CAG. Your first task is to provide some background questions to help your manager get up to speed. She has asked for your ideas by the end of the day.

Questions: Choose one of the questions below. What would you communicate to your manager?

• What are the top three items you think CAG should prioritize for implementation to mitigate ransomware attacks?
• How would CAG know when a ransomware attack is underway or has already occurred?
• What actions can CAG take to limit a ransomware attack?