The State of Ransomware: A Bigger Fear Than COVID-19

What do security professionals fear more this holiday season – ransomware or COVID-19? Believe it or not, they’re more concerned with the former.

That’s according to a flash survey of nearly 50 senior cybersecurity professionals taken at Optiv Security’s November OptivCon Virtual event. When asked, “What do you think is the greater threat to your business this holiday season: Ransomware or COVID-19?,” 60% of respondents said ransomware.

These survey results reveal just how big of a problem the ransomware epidemic is: We’re in the midst of a global health pandemic that has taken trillions of dollars out of the global economy, yet many security professionals are more fearful of ransomware. Why? In many cases, it’s because they don’t have an effective ransomware incident response (IR) plan in place – and therefore, they don’t know what to do when a ransomware attack occurs.

Another Communications Breakdown

While the solution to the ransomware problem might seem simple (prepare for it and put a plan in place!), there’s an underlying reason why so many companies are caught unprepared when the crisis strikes – and it’s rooted in the classic disconnect between cybersecurity and the boardroom.

Company leaders don’t understand that ransomware is a corporate crisis – not a cybersecurity problem. They think it’s the CISO’s job to block ransomware attacks, rather than leadership’s job to be prepared to respond to a successful attack. Unfortunately, this narrow view of the ransomware problem dramatically increases the potential harm that can result from the attacks.

The Ransomware Playbook

Similar to the IR plans and playbooks developed for data breaches, successfully dealing with ransomware also requires a strategic IR plan that methodically details the procedures for rapid response to and containment of incidents. The overall goal is to limit the risk of impact to the business.

At a minimum, an IR plan should include:

  • Working backups,
  • Detection and prevention controls,
  • Data classification and valuation of data,
  • Communication trees and templates, and
  • Rules of engagement with ransomware dealers.

On this last point, in the event of a successful ransomware attack, organizations have three choices: 1) they can attempt to recover from the compromise; 2) they can pay the ransom or attempt to negotiate; or 3) they can do nothing at all. The FBI’s stance is to NOT pay or negotiate with cybercriminals. While this is certainly a best practice and the outcome you hope for, it might not always be possible – for example, hospitals with patients’ lives on the line or companies that will go out business if they don’t pay up may have no choice but to pay. This decision is up to each individual company – and it should be part of a coordinated response led by the C-suite and board, executing according to a pre-established IR plan.

It’s also important to note that having an IR plan is not enough – it also must be tested and reviewed on a continuous basis, and important procedures must be practiced frequently. Professional basketball players, for example, will practice hundreds of free-throws even though those shots are worth only a single point. Companies should spend the same amount of rigor on issues as important as responding to a ransomware attack that could cost their company millions of dollars.

The Evolution of Ransomware

Ransomware attacks, as they are executed today, are stressful enough for companies .... and it’s about to get worse. In 2021, we expect ransomware to become increasingly sophisticated and even more dangerous. Specifically, we believe:

1) Ransomware attacks will start to compromise our critical infrastructure, potentially holding entire regions of the country hostage.

2) Deepfake videos will move beyond a way to spread misinformation and morph into a new form of ransomware (i.e., extorting companies for money with the threat of releasing a damaging deepfake video).

3) As internet-enabled technology becomes more embedded in physical systems and medical devices, the loss of human life due to ransomware attacks will become a real consequence.

Having a coordinated business and cybersecurity IR plan is one of the most effective ways to overcome the fear of ransomware and minimize the business impact of these attacks. And, with ransomware attacks expected to become more complex and dangerous in the coming months, IR plans will become mandatory for an organization’s response capability and survivability.

If you don’t know where to start, learn from the experiences of companies that have previously been targeted by ransomware campaigns and seek the advice of cybersecurity experts. Don’t wait to act until it’s too late and your company is in full-fledged crisis mode. Put a plan in place today that will shore up your defenses against ransomware, and reduce the potential damage of successful attacks.

Featured

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3