Ransomware is still a concern and will continue to be so for the foreseeable future. The threat will remain acute as long as organizations continue to pay, affiliate gangs continue to be shielded by hostile states, and threat actors' current TTPs continue to work.
Ransomware is increasingly stealing the spotlight when it comes to cyber-threats. Thanks to big-name compromises and escalating geopolitical confrontation, it dominated headlines in 2020 and continues to do so this year. The message is now reaching boardrooms. In fact, many are going to great lengths to ensure that it does not happen to them. However, a narrow focus on ransomware protection isn’t always the best option for businesses and their customers.
Despite what many security providers would have people believe, there is no silver bullet solution to the problem. In addition, cyber-insurance policies are frequently accompanied by a long list of exclusions. As a result, businesses must approach the problem from the ground up, prioritizing cyber-hygiene and best practices, as well as layered security controls backed by unified threat intelligence.
A myopic view
Ransomware attacks increased by 485 percent year on year in 2020, according to Bitdefender’s “2020 Consumer Threat Landscape Report.” Major outages around the globe resulted in East Coast fuel shortages, meat supply chain disruptions, and chaos for thousands of worldwide MSP customers. Ransomware has been identified as a major threat by G7 leaders and NATO. The White House has warned Russia that it may take unilateral action against cybercrime groups that the Putin regime is reported to have granted safe haven to.
The message is reaching boardrooms. They’ve seen the devastation ransomware can cause to a company’s brand and bottom line time and time again. This includes business downtime, customer churn, and eroding consumer confidence, as well as IT overtime, legal fees, lost sales, regulatory fines, and much more.
What exactly are these problems? VPNs, remote worker endpoints, Exchange servers, and other technologies businesses rely on have unpatched vulnerabilities. Weak passwords can be used to access corporate accounts and RDP endpoints that lack multi-factor authentication. Preoccupied employees fall prey to phishing scams. Attackers gain a foothold in corporate networks through unvetted third-party links and digital supply chains.
Mitigating ransomware risk
Senior business leaders are right to be concerned about the ransomware threat. They must, however, consider the big picture. Failure in this area is a symptom of a long-standing problem for CISOs: cyber-boardroom misalignment.
One encouraging development in recent months has been an open discussion on the role of cyber-insurance in decreasing ransomware risk.
The rising premiums of cyber insurance may drive company executives to reassess their position. It’s not a get-out-of-jail-free card anymore. In reality, as insurers grow more prescriptive about policyholder settings, the industry may be able to help a wide range of enterprises enhance their baseline security.
Threat intelligence is crucial
The need for cyber hygiene and best practices is evident, but so is selecting the right technology approach. If there isn’t a silver bullet, where should CISOs spend their extra budget? Many are currently blindfolded and with one arm tied behind their backs, flailing at ransomware. They have no idea how the bad guys will get into networks or what other techniques they can use if one attack route is prevented.
The solution is to have best-in-class protection layered across endpoints, cloud platforms, servers, networks, and web and email gateways. However, intelligence is a necessary component. It should assist companies in identifying their internal high-risk vulnerabilities. It can also provide visibility into larger threat behavior occurring outside the company boundary, such as discussions on dark web forums or new phishing site registrations.
Organizations can incorporate this intelligence into their best-of-breed security environment via open APIs and automation, freeing up analysts to focus on high-value jobs and reducing detection and reaction times. A new phishing site IP address, for example, can be blocked within minutes, before the gang behind it can send staff fake emails. Similarly, information about new ransomware indicators of compromise (IOCs) can be fed into intrusion prevention solutions to improve resilience before the company is even attacked. Threat intelligence can also aid red teams in probing for flaws and proactively building stronger defences.
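As an added illustration (not code from this article or from any vendor), the sketch below shows the guardrails automated feed-to-blocklist ingestion needs before an indicator becomes a block rule. The feed field names, the confidence and age thresholds, and the `NEVER_BLOCK` ranges are all assumptions, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed "never block" ranges: internal address space and loopback.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed feed records; the addresses are documentation ranges, not real IOCs.
SAMPLE_FEED = [
    {"indicator": "203.0.113.45", "kind": "phishing", "confidence": 90, "first_seen": "2021-07-10T09:00:00+00:00"},
    {"indicator": "198.51.100.7", "kind": "ransomware-c2", "confidence": 40, "first_seen": "2021-07-11T12:00:00+00:00"},
    {"indicator": "10.1.2.3", "kind": "phishing", "confidence": 95, "first_seen": "2021-07-11T12:00:00+00:00"},
    {"indicator": "203.0.113.45", "kind": "phishing", "confidence": 85, "first_seen": "2021-07-11T08:00:00+00:00"},
    {"indicator": "192.0.2.10", "kind": "ransomware-c2", "confidence": 99, "first_seen": "2021-03-01T00:00:00+00:00"},
    {"indicator": "evil.example", "kind": "phishing", "confidence": 99, "first_seen": "2021-07-11T00:00:00+00:00"},
]

def build_blocklist(feed, now, min_confidence=70, max_age=timedelta(days=30)):
    """Return (sorted addresses to block, [(indicator, reason it was skipped)])."""
    accepted, skipped = set(), []
    for rec in feed:
        raw = rec.get("indicator", "")
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            skipped.append((raw, "not an IP address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            skipped.append((raw, "protected range"))   # a bad feed entry must not cut off internal hosts
        elif rec.get("confidence", 0) < min_confidence:
            skipped.append((raw, "low confidence"))    # leave for analyst review, do not auto-block
        elif now - datetime.fromisoformat(rec["first_seen"]) > max_age:
            skipped.append((raw, "stale"))             # old addresses are often reassigned
        elif str(addr) in accepted:
            skipped.append((raw, "duplicate"))
        else:
            accepted.add(str(addr))
    return sorted(accepted), skipped

if __name__ == "__main__":
    now = datetime(2021, 7, 12, tzinfo=timezone.utc)
    block, skipped = build_blocklist(SAMPLE_FEED, now)
    for ip in block:
        print(f"deny {ip}")  # generic rule text; adapt to the enforcement point's own syntax
    for raw, reason in skipped:
        print(f"skipped {raw}: {reason}")
```

Logging every skipped indicator with its reason gives analysts a review queue and an audit trail for what the automation declined to block.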