This blog focuses on the ‘Ransomware in Focus’ study by CISOs CONNECT in August 2021, which surveyed 250 Chief Information Security Officers, who bear the brunt of responsibility for managing the impacts of ransomware in their business.
Ransomware is not a new phenomenon; the first documented example¹ was the ‘PC Cyborg’ trojan attack in 1989 that encrypted a victim’s files and demanded a ransom of $189. Nowadays ransomware is now more widespread and more destructive.
In late May 2021, the world’s largest meat supplier, JBS paid $11 million in ransom to cybercriminals a week after discovering the incursion. Even more seriously, the foreign exchange firm Travelex was forced into administration after it was crippled by a ransomware attack that encrypted more than 5GB of sensitive data.
#1 Threat: Ransomware
In the report, as you may expect, the main finding was that CISOs recognise ransomware as their number one threat.
This is because it impacts an organisation on many levels: operational, financial, legal and reputational. And unfortunately, it doesn’t look like it’s going to get better soon with 69% of respondents expecting to be successfully hit at least once in the next year – up from 53% hit in the past 12 months.
With many high-profile attacks in the news, the ransomware threat is shining a spotlight on the importance of cyber security at board level.
Perhaps for the first time, executive leadership are asking CISOs what they need to effectively protect their organisations against cyber-attacks.
This means that ransomware defences are beginning to involve everyone and everything in the organisation – from users and endpoints to the data centre and the cloud.
To Pay or not to Pay?
Interestingly, the research showed that the financial ransom itself is not the CISO’s top concern.
Paying a hacker is a controversial decision – and it’s not even a guaranteed solution. If anything, it rewards threat actors and incentivises them to continue ransomware attacks.
Of course, the temptation to pay is understandable: it may be a choice of paying versus business continuity or even survival.
However, CISOs believe the biggest impact comes from the even higher cost of recovery and restoration of business operations.
Manning the Barricades
CISOs are obsessively focused on mitigating the impact of increasingly likely ransomware attacks. Survey respondents were asked about the perceived importance of a range of leading defensive practices.
Top of the list is a robust data backup and recovery regime. This is followed protecting endpoints and countering user vulnerabilities, where some of the greatest risks are found.
The UK’s National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST) are advocates of user education as an effective way reducing the risk of cyber attack.
Adopting Zero Trust
For more than half of respondents, network segmentation gets top billing with the increasing adoption of Zero Trust Network Access (ZTNA).
Zero Trust requires that every access attempt be verified, but also that the scope of access granted is minimised according to the principle of least privileges.
You can come in, but only to do exactly what you’re allowed and no more.
This approach limits an attacker’s lateral movement after breaching a network, which in turn limits the damage that can be done.
The practice of network segmentation was even included as a top recommendation in 2021 White House guidance on ransomware for businesses.
Obstacles in Path to Ransomware Defence
CISOs still may face some obstacles to establishing what they consider to be effective ransomware defences. The age-old frustration that the board doesn’t understand the issue is not the case for ransomware. Lack of support from executive leadership is at the bottom of the list.
The difficulties come from trying to implement tools and technology, together with the ever-present problem of a shortage of cyber security talent.
As the ransomware problem intensifies, shoring up technical defences is an imperative and organisations are turning to a model consistent with the NIST Cybersecurity Framework’s principles:
Hackers don’t sleep – you shouldn’t either
Cyber attackers are not standing still. To stand the best chance of preventing a breach, organisations must continually assess their vulnerabilities, strengthen cyber security infrastructure and test their attack response plans.
Explore CSI’s range of Cyber Security Services to see how we can help you bolster your defences.
¹ The first documented ransomware was the PC Cyborg Trojan, (aka AIDS Trojan Horse, or Aids Info Disk) – read blog for details.
Read more like this
Storage and Backup
Why Cyber-resilient Backups Are More Important Than Ever
Restoring mission-critical workloads with a backup strategy is the bedrock in understanding how your organisation can become even more resilient.
Cyber Security tips and best practice
Discover top cyber security tips & lessons from industry influencers.
CSI Change Freeze (Dec 2023 – Jan 2024)
CSI will be operating a ‘Change Freeze’ across our hosted and managed infrastructure to manage risk at this critical time.
Ready to talk?
Get in touch today to discuss your IT challenges and goals. No matter what’s happening in your IT environment right now, discover how our experts can help your business discover its competitive edge.