September 8, 2017 By Rick M Robinson 2 min read

This season’s featured cybersecurity nightmare may be ransomware, but breaches of all kinds are going up in both number and cost. In response, security vendors are offering sophisticated — and costly — solutions to defend against ever more sophisticated attackers. However, the most effective protective measures have nothing to do with specific software and everything to do with risk governance. Even in our increasingly complex cybercrime landscape, most attacks are preventable and most costs are avoidable.

The Art of Active Defense

The best way to prevent attacks and minimize losses is to use policy and governance guided by the principles of risk management to ensure available defenses are active and focused primarily on the organizational assets most at risk. However, organizations often fail to take these basic, critical steps. In fact, according to Infosec Island, security teams fail to implement 10 percent to 15 percent of scheduled patches “due to human or technology errors.”

This adds up to a lot of known but unpatched security holes attackers can exploit. The WannaCry ransomware attack, for example, could have been prevented with automated alerts of pending patches, combined with a governance process to ensure the alerts were addressed and the patches installed.

Prepare to Prevent and Recover

Active governance measures help to prevent security breaches and minimize the losses from attacks that do get through. Resilience against ransomware is an outstanding example: Offsite backups are the first line of defense against all types of data losses, from ransomware attacks to natural mishaps such as a flooded data center.

No magical cutting-edge technology is needed to provide offsite backups. The required technical solutions are widely available and well-tested. But backups do not happen by themselves. When data is rapidly recovered from offsite backups, it is because the backups were scheduled, the schedule was followed and the organization had tested its recovery process to ensure it would work when it was needed.

Similar principles apply across the spectrum of cyber operations. For example, with sound governance in place, access privileges are granted only on the basis of least privilege, in which users have only the level of access they need to do their jobs. Maintaining this policy reduces the risk of data or operations being compromised by either inevitable user error or malicious insider actions.

An Integrated Approach to Risk Governance

Unified effort is essential. The Infosec Island article noted that a “truly integrated approach requiring strong governance and broad oversight illuminates vulnerabilities shared by departments.” Security holes can only be closed when they have been brought into view. Creating this security transparency and acting on it is what effective risk governance is all about.
