Three Strategies for CISOs to Mitigate the Impact of Ransomware Attacks


Ransomware attacks are rising steadily, creating a worrisome situation for CISOs, especially those working in critical infrastructure sectors. Hence, CISOs should identify ways that will enable them to navigate the technical, ethical, and regulatory shifts that are affecting industrial environments.

Ransomware has become one of the biggest criminal businesses of 2020 and 2021. According to Sophos’ “The State of Ransomware 2021,” 54% of respondents hit by an attack admitted that the cybercriminals succeeded in encrypting their data in the most significant attack. Such attacks, and the success stories of collecting a ransom, only encourage more threat actors to try their hand at it. They are refining their approach by researching their target organizations and those organizations’ ability to pay. All of these strategies are developed and executed to make paying the ransom the path of least resistance, both financially and logically. Debating whether to pay the ransom, or believing that risk is transferred along with control when opting for cyber insurance, are not feasible steps and will lead organizations nowhere. While preventing these attacks is not always possible, CISOs should develop better approaches to mitigate them.


Here are a few strategies they can try to mitigate ransomware attacks.

Creating Urgency

C-suite and board members understand common business risks such as market risk, liquidity risk, and supply chain risk, but often fail to comprehend industrial cyber risk. Hence, it is crucial that CISOs establish a risk tolerance and a good resilience plan to understand the current state of cyber risk in the operational technology (OT) environment. They should raise awareness of industrial cyber risk and create a burning platform that cannot be ignored except by deliberate neglect.

Given the benefits that digital transformation provides, cyber risk shouldn’t be a question of implementation but a mandate to strengthen industrial cybersecurity.

Being prepared

It is almost always impossible to secure the infrastructure on all fronts in the face of an attack. However, there is still a lot that can be done to mitigate attacks. Hence, CISOs should put recommended controls and best practices in place to build a solid cybersecurity foundation. Such initiatives also ease the burden and worry when the organization does suffer an attack, making it easier for CISOs to make the right decisions with confidence.


Rethinking the financial calculus

Traditionally, the financial model of ransomware favors paying the attacker over refusing to pay. However, there are times when an organization refuses to pay the ransom in the hope of dealing with the attack itself. While this approach seems sensible, refusing to pay can hamper business operations, costing the organization more than the ransom itself. Hence, CISOs should emphasize incident reporting, which tilts the financial risk equation in favor of better controls and upfront risk governance.
