A ransomware attack can demoralize or debilitate an organization like no other. Beyond the blow to morale, it causes heavy financial losses and reputational damage that can prove hard to repair. Cybersecurity Ventures predicted that global ransomware damage costs would reach $20 billion annually in 2021, up from $325 million in 2015, and that by 2031 they will exceed $265 billion. If those predictions hold, businesses are right to worry about what ransomware could cost them in the coming years. Protecting against it, however, shouldn't cost the earth.

Switching Tactics

Cybersecurity strategies have changed in recent years as the industry has broadly accepted that suffering a data breach is a matter of "when, not if." In response, many businesses now focus on prevention, preparation, and response. With that shift in mentality comes the assumption that more work and more resources, and therefore more cost, will be needed. That may be true at first, but a business that is deliberate in how it sets up its security strategy can save money in the long run. Going forward, there must be a greater focus on balancing the overall return on investment (ROI) against the level of risk an organization's security strategy leaves it carrying.

Although strategies have evolved, many organizations still over-rely on technology products to meet their security needs. Products and solutions have their place, but businesses need to strike a balance between technology, people, and processes, ideally with technology as the underlying layer that supports the other two. No organization will ever be 100% secure, but those that fare best have an internal culture that supports security and takes an offensive approach to it, makes it everyone's responsibility, and proactively and effectively communicates on the subject with the board, C-level, and employees.

Reassessing Priorities and Getting ROI

Measuring security as a maturity level on an evolving scale, rather than as a binary "secure or not secure," also leads businesses to make better strategic and operational decisions and related investments. It keeps the focus on improvement and on where the money is going, rather than on owning the latest platform on the market and hoping it delivers the protection the business needs.

Ensuring ROI means focusing on overall security posture. Businesses want to know that they carry a tolerable level of risk, are resilient to attacks such as ransomware, and will keep their reputation intact. No business can control everything, so prioritizing key assets is the best approach. Prioritization means working out what is most at risk, for example customer data, intellectual property such as patents and innovation documentation, and employee personally identifiable information (PII), and making sure the appropriate people, processes, and technology surround those assets and are fully resourced. Taking preventative measures while continuously monitoring, testing, and adapting the security approach as priorities or business goals shift is something every organization should be doing to build security maturity and ensure ROI.

5 Key Measures to Mitigate the Ransomware Threat

No company is off limits, and there is no foolproof method for keeping ransomware out of a business environment. But there are common-sense steps that make an organization a less likely target, or at least one that rebounds much faster than others when an attack does land.

First, run penetration tests (pen tests) and vulnerability assessments. It's impossible to protect what can't be seen. Without a thorough vulnerability assessment and pen test, an organization can't be sure what is connecting to its network, which vulnerabilities are going unmanaged, or which assets matter most. Modern organizations are complex, spanning multiple networks, locations, and clouds, which makes it hard to maintain a consistent vulnerability management program across every environment. Pen tests therefore need to be carried out regularly, and security policies updated on the basis of what they find.

Second, get a handle on phishing. Verizon's Data Breach Investigations Report (DBIR) found that 36% of data breaches involved phishing. Such attacks are often the first step in a ransomware campaign: criminals use phishing to deliver their malicious payloads or to collect credentials for use later on.

Third, recognize that mitigating phishing is not as simple as deploying a single email security product. Organizations that suffer a successful email-initiated ransomware attack almost always already had an email security solution in place. Layering email security controls is a cost-effective way to reduce the volume of phishing that reaches users, and training employees so they are less likely to fall for a phishing email and click a malicious link is another inexpensive way to bolster the technology.

Fourth, deploy a detection solution that keeps pace with the latest threats. These solutions use artificial intelligence and machine learning to detect indicators of compromise and indicators of behavior in the environment and alert the security team to malicious activity, giving it time to respond. Most vendors of such solutions also share threat intelligence with customers based on what they see across the industry and the broader threat landscape. However, these tools are complex and require 24x7 vigilance to be effective; an alert that nobody triages provides no protection. This is another strategic ROI inflection point: is investing in a partner to provide this capability more cost-effective than building it in-house?

Fifth, and no less important, draft an incident preparation and response plan and actually refer to it. Every organization should assume it will be targeted by ransomware and should plan for the full life cycle of an attack; doing so limits the financial and reputational damage that follows a breach. Security practitioners should work with the organization's C-level executives to develop a ransomware protection plan covering how ransomware is prevented and detected and how the organization will respond when it happens. The plan should ask and answer a series of questions: Is there a robust data backup and recovery plan, with backups kept out of an attacker's reach and restores that are tested regularly? How will the ransomware be contained and the affected systems identified? Is appropriate cyber insurance in place? Will the organization negotiate with the attacker or pay the ransom on the table? Which external resources are needed to respond?

Conclusion

It's always tempting to reach for the shiny "silver bullet" when it comes to protecting against ransomware. However, no single solution mitigates every threat. Organizations instead need to take sensible steps to protect their environment, adapt to their overall business goals, and make sure their security strategy delivers ROI. There is no failsafe solution, but there is a roadmap to resilience: a judicious blend of the right strategies, technologies, and proactive measures that enhance security while returning a reasonable ROI. By investing wisely in the right resources and strategies, including a solid incident response plan, business leaders can be confident they have taken comprehensive steps to mitigate the risk and the devastating impact of a ransomware attack. Implementing a Managed Detection and Response (MDR) solution is a strong step toward protecting an organization against ransomware.

A version of this article originally appeared on European Financial Review.