The problem addressed in this meta-synthesis was that many organizations have become or will become victims of massive data losses caused by ransomware attacks because ransomware security controls and data loss prevention are not prioritized during strategic planning. The study's conceptual framework was built upon the core principles that many of the ill-effects of data loss that may result from a cyberattack or data breach are preventable with the proper use of security controls that organizational leaders often fail to prioritize during strategic planning. In an effort to examine if strategically prioritizing malware and ransomware protection through the use of security controls and implementing specific recommended actions may reduce the effects of data loss on an organization, the following research questions were developed: What are the commonalities in causes of ransomware attacks that resulted in highly impactful data breaches for the organizations examined in this meta-synthesis multiple case study? What specific actions can organizations take to mitigate or reduce the effects of ransomware attacks? What recommendations can be made regarding effective controls, policies, and procedures for the mitigation of ransomware attacks to prevent data loss? This study used a qualitative research design based on meta-synthesis of six selected qualitative case studies, chosen for their newsworthiness and effects on both the victim organization and its affected customers, using a thematic synthesis approach in an effort to unite common cause and effect connections among them. From the analysis of the case studies, four themes emerged: a lack of strategic planning; the inability to recognize network anomalies; the lack of or misuse of security controls; and the consequences of not putting effort into mitigating the data breaches.Keywords: malware, ransomware, data breach, data loss, strategic planning.
展开▼
