In this Expert Insight, Jeffrey Wheatman, a Cyber Risk Evangelist at Black Kite argues that CISOs need to shift to a more proactive approach to fend off damaging attacks by sophisticated ransomware groups.
Ransomware is a game, increasingly played by organized teams with ever-increasing stakes. Because our digital attack surfaces are constantly expanding, we’ve inadvertently given these groups virtually unlimited ways to infiltrate critical systems and wreak havoc on businesses.
To avoid falling victim, CISOs need to be strategic and one step ahead. However, doing so can seem nearly impossible. Cyber professionals continue to be hindered by limited funding, massive human capital shortages and the desensitization of audiences that are numb to the constant news of ransomware attacks. With nearly 7 in 10 CISOs feeling that the threat landscape is much more severe now than it was a year ago, it’s time to drive change.
Cyber leaders can shift their approach from reactivity to proactivity. Ransomware may be a permanent fixture in the world of digital business, but there are ways to protect the enterprise against attacks.
Ransomware: Understanding the Common Threads
The key to protecting your business starts with understanding the commonalities across ransomware incidents.
According to recent research, 58% of 2,000 ransomware victims either had remote admin ports open or unprotected internal data shares (or in some scenarios, both). The same research found more than half of these victims also had leaked credentials in the last year – with email being the most common access point for these attacks.
The cost of these overlooked mistakes has become astronomical. The average ransomware incident cost businesses a total of $22.18 million between 2017 and 2021, leading experts to believe that cybercrime could be a trillion-dollar industry in the near future. The finance and insurance industries were hit the hardest, with the cost of an incident averaging over $35 million. These sectors hold a significant amount of sensitive data, and many financial transactions were conducted over unsecured databases. Such transactions were the most frequent cause of attacks across industries, setting businesses back an average of $112.93 million per incident.
Cybercrime damage extends further than just financial loss; the impact on businesses’ reputation can be devastating. Communicating to your upstream partners and customers that sensitive data was stolen can lead to loss of business. According to IBM’s 2022 report, 60% of organizations said they were forced to increase the price of their products and services as a result of the data breach. These types of actions discourage new customers and can lead to a tarnished reputation.
With a core knowledge base of how these attacks happen, where they most commonly occur, and the detrimental impact they can have on an organization, CISOs can assemble the tools they need to beat these criminals at their own game.
Assembling the Controls Necessary to Prevent Attacks
There are steps CISOs can take to ensure their companies are safe from ransomware attacks. This involves implementing a set of controls that can help stabilize company assets and protect businesses from unwanted attacks.
Step One: Prevention with Technical Controls
The first step is to employ preventative controls. Make sure your perimeter is locked down to minimize unnecessary outside access. Execute simple and consistent patching processes. In fact, Black Kite’s Ransomware Susceptibility Index (RSI) calculation shows that poor patch management is often one of the most common avenues for bad actors to gain access to a company’s systems. Implement DMARC to eliminate or limit spoofed inbound emails, and deploy multi-factor authentication (MFA) to dramatically limit your exposure to cyber incidents. These are easy actions that should be executed as the first steps to safeguard your company’s data. However, it’s important to note that while preventative controls may stop or slow down an attacker, there is no certainty that attackers won’t find a way around them. That’s why it is essential to pair preventative controls with other defense mechanisms.
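Implementing DMARC is only useful if the published policy actually enforces something; a record left at p=none monitors spoofing without blocking it. The following Python checker is an added example, not code from the article or from Black Kite: it parses a DMARC TXT record and reports whether the policy is fully enforcing for the domain and its subdomains. It performs no DNS lookups; the four sample records are constructed values standing in for what would be published at _dmarc.<domain>.

```python
"""Grade a DMARC record for enforcement strength (constructed samples, no DNS lookup)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Constructed sample TXT records, as they would appear at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "strong.example": "v=DMARC1; p=reject; sp=reject; pct=100; "
                      "rua=mailto:reports@strong.example; adkim=s; aspf=s",
    "broken.example": "v=spf1 include:_spf.example -all",  # an SPF record, not DMARC
}


@dataclass
class DmarcAssessment:
    valid: bool
    policy: Optional[str]
    subdomain_policy: Optional[str]
    pct: int
    findings: list = field(default_factory=list)

    @property
    def enforcing(self) -> bool:
        """True only when failing mail for the domain AND its subdomains is fully
        quarantined or rejected; anything weaker still lets spoofed mail through."""
        return (self.valid
                and self.policy in ("quarantine", "reject")
                and self.subdomain_policy in ("quarantine", "reject")
                and self.pct == 100)


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> DmarcAssessment:
    """Evaluate one DMARC record and list the weaknesses a defender should fix."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return DmarcAssessment(False, None, None, 0, ["record does not start with v=DMARC1"])
    policy = tags.get("p", "").lower() or None
    if policy not in ("none", "quarantine", "reject"):
        return DmarcAssessment(False, policy, None, 0, ["missing or invalid p= tag"])
    findings = []
    # Per the DMARC spec, sp= defaults to the organisational policy when absent.
    sp = tags.get("sp", policy).lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
        findings.append("pct= is not a number")
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if sp == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so aggregate reports are not collected")
    return DmarcAssessment(True, policy, sp, pct, findings)


def summarize(records: dict) -> dict:
    """Map each domain to True/False for 'policy is fully enforcing'."""
    return {domain: assess_dmarc(rec).enforcing for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        result = assess_dmarc(rec)
        status = "ENFORCING" if result.enforcing else "WEAK"
        print(f"{domain}: {status}; " + ("; ".join(result.findings) or "no findings"))
```

Run against the real record of your own domain (a DNS TXT query for _dmarc.yourdomain), the output tells you in one line whether the control described above is doing any blocking at all.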
Step Two: Education with Administrative Controls
Administrative controls tend to be more about the process and the people rather than the technology. When it comes to ransomware, security and risk education are critical. The unfortunate reality is some people will click suspicious links no matter how many times they’ve been warned not to – it’s human error and we’re all prone to it. The opposite is also true – some will do the right thing, even if they’ve only received the minimum training. The people in the middle are those who will benefit most from risk training and education. One second guess could be the difference that either protects your data or gives hackers the keys to the kingdom.
Communication is also critical with non-IT stakeholders. They must fully understand the magnitude of a potential ransomware attack. Stakeholders need to see the details – how much money stands to be lost, which upstream or downstream partners will be affected, how long it will take to recover data, etc. – before the risk becomes concrete to them. When they clearly see the impact to the bottom line, they’ll be more willing to invest in defense mechanisms.
Step Three: Tech-powered Recovery Controls
Recovery controls combine people, processes and technology. They have two key focus areas, with the first being backup and restore capabilities. It is important to have these capabilities, but they must be tested regularly. If your data gets compromised, getting access to the most recent backup and restoring it with minimum hassle, time and effort is crucial.
Business continuity and resilience planning is the second focus area and the ultimate CISO safety net. How will your business run if your backups aren’t recoverable or if it takes an extended time to recover your data? Most businesses have evolved to the point where they can’t do much without technology and automation. When these systems crash, business grinds to a halt. A solid backup plan will help mitigate risks and prevent further monetary loss.
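A backup that has never been restored is an assumption, not a control. The script below is an added example, not part of the article: it records a SHA-256 manifest of every file at backup time, restores the archive into a scratch directory, and reports files that are missing, corrupted or unexpected, so a scheduled restore test can fail loudly instead of being discovered during an incident. The "production" files and the stale-backup scenario in demo() are constructed; only the standard library is used.

```python
"""Restore-test a backup archive against a hash manifest (constructed sample data)."""
from __future__ import annotations

import hashlib
import tarfile
import tempfile
from pathlib import Path

# Constructed sample files standing in for a production directory.
SAMPLE_FILES = {
    "config/app.ini": b"[db]\nhost=db.internal\n",
    "data/customers.csv": b"id,name\n1,alice\n2,bob\n",
    "data/orders.csv": b"id,customer,total\n10,1,42.00\n",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(source_dir: Path, archive: Path) -> dict:
    """Write source_dir to a tar.gz and return {relative_path: sha256} for later verification."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for file in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = file.relative_to(source_dir).as_posix()
            manifest[rel] = sha256_bytes(file.read_bytes())
            tar.add(file, arcname=rel)
    return manifest


def restore_test(archive: Path, manifest: dict) -> dict:
    """Restore into a fresh temp dir, hash every restored file and compare with the manifest."""
    report = {"restored": 0, "missing": [], "corrupted": [], "unexpected": [], "ok": False}
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp)
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                # Do not trust the archive: skip non-files, absolute paths and traversal.
                if (not member.isfile() or member.name.startswith("/")
                        or ".." in Path(member.name).parts):
                    report["unexpected"].append(member.name)
                    continue
                dest = target / member.name
                dest.parent.mkdir(parents=True, exist_ok=True)
                dest.write_bytes(tar.extractfile(member).read())
        restored = {p.relative_to(target).as_posix(): sha256_bytes(p.read_bytes())
                    for p in target.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        if rel not in restored:
            report["missing"].append(rel)
        elif restored[rel] != expected:
            report["corrupted"].append(rel)
    report["unexpected"] += [rel for rel in restored if rel not in manifest]
    report["restored"] = len(restored)
    report["ok"] = not (report["missing"] or report["corrupted"] or report["unexpected"])
    return report


def demo() -> dict:
    """Back up the constructed files, verify a clean restore, then verify against a
    manifest describing what production looks like today (hypothetical stale-backup case)."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "prod"
        for rel, content in SAMPLE_FILES.items():
            path = source / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
        archive = Path(tmp) / "backup.tar.gz"
        manifest = make_backup(source, archive)
        clean = restore_test(archive, manifest)
        # Constructed scenario: production changed after the last backup job ran.
        current = dict(manifest)
        current["config/app.ini"] = sha256_bytes(b"[db]\nhost=db-new.internal\n")
        current["data/audit.log"] = sha256_bytes(b"2024-01-01 login alice\n")
        stale = restore_test(archive, current)
    return {"clean": clean, "stale": stale}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "OK" if result["ok"] else "FAILED", result)
```

In practice the manifest is produced by the backup job and the restore test runs on a schedule against the copy you would actually use in an incident (offsite or immutable storage), which is what "tested regularly" means in the paragraph above.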
A Controlled Strategy for Preventing Ransomware Incidents
While bad actors are continuously finding new ways to infiltrate data systems and steal valuable assets, there are always ways to protect your business. Understanding the importance of vetting your vendors, safeguarding your data and training your employees to look out for suspicious activity will significantly decrease the probability of an attack. While there may never be 100% defense against bad actors, the companies that invest in risk protection will make hackers’ jobs much more difficult.
Give yourself a winning edge in the game. Preventing ransomware incidents is a complex process — but CISOs who have the tools and processes in hand will come out on top.