The majority of C-suite executives are confident in their organization’s protection against ransomware attacks. At least, that’s what a recent research report from ISC2 shows. In fact, just 15% express a lack of confidence. Does this confidence take into account the nearly 53% rise in double extortion ransomware attacks between January and February? Are the executives wrong? Or do they have insight that others lack?
While it might seem like a paradox, there are some good reasons to be confident in ransomware protection. Improved teamwork between executives and security teams, effective approaches, cryptocurrency regulation and successful investigation into ransomware crimes are all reasons that offer a sense of improved confidence.
Communication Is Essential
Cybersecurity issues impact business operations and the bottom line. For example, the average cost of a ransomware attack is $4.62 million. In the wake of a data breach, companies can lose customers, lose trust and face hefty fines.
According to the ISC2 study, business leaders would like more budgetary and risk information when it comes to knowing their cyber risk. Up to 41% of executives surveyed want more details on investments needed to protect against ransomware. And 43% want to know exactly how another budget will improve security.
To build true confidence in your protection against malicious attacks, all key stakeholders should be made aware. Despite the sense of confidence, only 29% of boards are “deeply involved” in cybersecurity strategy. This reveals a gap between the real world and that confidence.
Highly Effective Approaches
Employee training is essential, as many cyber attacks occur through social engineering scams. Infected files can find their way into a network through phishing emails and imposter social media accounts. If employees aren’t careful, an attacker could fool them into opening the door wide for a malicious attack.
Still, human beings aren’t the only ones seeking network access. The online world has exploded with apps, APIs and Internet of Things (IoT) devices that require authentication. Advanced identity and access management (IAM) tools can decide which requests are approved and provide the least amount of privilege for each.
IAM solutions can manage access for clients, partners, employees, contractors and any other human or machine access request. All of this falls into a broader category of zero trust policies. Zero trust ensures that the system restricts resources by default, even for connections inside the perimeter.
Could it be that truly confident leaders already have zero trust solutions up and running to protect their networks?
It’s no secret that nefarious gangs typically demand payment in Bitcoin, Ethereum or other cryptocurrencies. These payment methods are anonymous, hard to track and easy to obfuscate. However, as crypto moves further into the mainstream, regulation will also advance with it. From a security standpoint, this could be a good thing. It could add anti-money-laundering rules, customer requirements and the requirement to file suspicious activity.
Catching Cyber Thieves
Some might believe you can’t catch a crypto crook. But investigations lead to real results, such as shutting down darknet markets and arresting attackers. For example, the U.S. Department of the Treasury recently reported the takedown of the Hydra gang. In a coordinated international effort involving multiple U.S. federal authorities, the German Federal Criminal Police shut down the server infrastructure of Hydra, the largest darknet marketplace in the world.
The massive Hydra network had 17 million customer accounts and over 19,000 registered sellers. In 2020, the group had a global turnover of $1.34 billion. In addition to sanctioning Hydra, authorities found and listed over 100 virtual currency addresses that criminals used to conduct illicit transactions.
Massive Scale of Threat Coming?
With the rise in attacks, even the average person is more aware of the risk. Meanwhile, organizations of all kinds, from corporations to infrastructure to government agencies to health care, are all under intense attack. As the damage continues to mount, leaders will be forced to face a new truth: cyber security strategy is company strategy. Relying on audits, flimsy security add-ons and development afterthoughts isn’t competitive.
The most difficult attacks to defend against are still those that trick people, worm into systems and find or install backdoors. If these processes could be automated (some already are, like automated phishing), unprotected companies could be in for a world of hurt.
Are You Optimistic?
No matter your level of confidence, it pays to take a good look at your current security posture. First of all, decisions must have strong C-level buy-in. Executives must learn to work well with their security teams and include them at key levels of decision-making. Meanwhile, the chief information security officer should learn to speak in business terms. They need to understand how budgets can be made to strengthen the business, not just security.
From there, implement the right tools early. Already, proven approaches such as zero trust exist in our new perimeter-less reality. As attacks grow in scale and sophistication, artificial intelligence (AI) is helping overworked teams stay ahead of threats. With AI assistance, threat intelligence can curate data from millions of research papers, blogs, news stories and other data sources. From there, machine learning and natural language processing tools provide rapid insights to reduce response times.
Lastly, government agencies and law enforcement are doing their part to make the internet safer and bring criminals to justice. Even though threats will always exist, the prepared organization has the tools and know-how to make a difference. That’s a good reason to be optimistic.
Freelance Technology Writer
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML...