Ransomware attacks are increasing steadily, creating a worrisome situation for CISOs, especially those working in the critical infrastructure sectors. CISOs therefore need to find ways to navigate the technical, ethical, and regulatory shifts that are affecting industrial environments.
Ransomware became one of the biggest criminal businesses of 2020 and 2021. According to Sophos' "The State of Ransomware 2021," 54% of respondents hit by ransomware admitted that the criminals succeeded in encrypting their data in the most significant attack. Every such success, and every ransom paid, encourages more threat actors to try their hand. Attackers are refining their approach by researching target organizations and their ability to pay, and these strategies are designed and executed to make paying the ransom the path of least resistance, both financially and logistically. Debating whether to pay, or assuming that cyber insurance transfers the risk along with the responsibility for controlling it, are not viable strategies and will lead organizations nowhere. While preventing these attacks is not always possible, CISOs should develop better approaches to mitigate them.
Here are a few approaches they can try to mitigate ransomware attacks:
C-suite and board members understand common business risks such as market risk, liquidity risk, and supply chain risk, but often fail to comprehend industrial cyber risk. It is therefore crucial that CISOs define the organization's risk tolerance, maintain a sound resilience plan, and establish the current state of cyber risk in the operational technology (OT) environment. They should raise awareness of industrial cyber risk and create a "burning platform" that the board cannot ignore except by deliberate neglect.
Given the benefits that digital transformation provides, managing cyber risk should not be treated as an implementation question but as a mandate to strengthen industrial cybersecurity.
It is almost never possible to secure infrastructure on all fronts against an attack, but a great deal can still be done to mitigate one. CISOs should therefore put recommended controls and best practices in place to build a solid cybersecurity foundation (offline, tested backups, network segmentation between IT and OT, and least-privilege access are the usual starting points). Such groundwork also eases the burden when the organization does suffer an attack, allowing CISOs to make the right decisions with confidence.
Rethinking the financial calculus
Traditionally, the financial calculus of ransomware favors paying the attacker over refusing. Some organizations nonetheless refuse to pay and attempt to recover on their own. While that stance seems sensible, refusing to pay can disrupt business operations and end up costing the organization more than the ransom itself. Paying does not guarantee recovery either: the same Sophos report found that organizations that paid got back on average only about 65% of their data. CISOs should therefore emphasize incident reporting, which shifts the financial risk equation in favor of better controls and upfront risk governance.