The State of Ransomware: A Bigger Fear Than COVID-19

What do security professionals fear more this holiday season – ransomware or COVID-19? Believe it or not, they’re more concerned with the former.

That’s according to a flash survey of nearly 50 senior cybersecurity professionals taken at Optiv Security’s November OptivCon Virtual event. When asked, “What do you think is the greater threat to your business this holiday season: Ransomware or COVID-19?,” 60% of respondents said ransomware.

These survey results reveal just how big of a problem the ransomware epidemic is: We’re in the midst of a global health pandemic that has taken trillions of dollars out of the global economy, yet many security professionals are more fearful of ransomware. Why? In many cases, it’s because they don’t have an effective ransomware incident response (IR) plan in place – and therefore, they don’t know what to do when a ransomware attack occurs.

Another Communications Breakdown

While the solution to the ransomware problem might seem simple (prepare for it and put a plan in place!), there’s an underlying reason why so many companies are caught unprepared when the crisis strikes – and it’s rooted in the classic disconnect between cybersecurity and the boardroom.

Company leaders don’t understand that ransomware is a corporate crisis – not a cybersecurity problem. They think it’s the CISO’s job to block ransomware attacks, rather than leadership’s job to be prepared to respond to a successful attack. Unfortunately, this narrow view of the ransomware problem dramatically increases the potential harm that can result from the attacks.

The Ransomware Playbook

Similar to the IR plans and playbooks developed for data breaches, successfully dealing with ransomware also requires a strategic IR plan that methodically details the procedures for rapid response to and containment of incidents. The overall goal is to limit the risk of impact to the business.

At a minimum, an IR plan should include:

  • Working backups,
  • Detection and prevention controls,
  • Data classification and valuation of data,
  • Communication trees and templates, and
  • Rules of engagement with ransomware dealers.

On this last point, in the event of a successful ransomware attack, organizations have three choices: 1) they can attempt to recover from the compromise; 2) they can pay the ransom or attempt to negotiate; or 3) they can do nothing at all. The FBI’s stance is to NOT pay or negotiate with cybercriminals. While this is certainly a best practice and the outcome you hope for, it might not always be possible – for example, hospitals with patients’ lives on the line or companies that will go out business if they don’t pay up may have no choice but to pay. This decision is up to each individual company – and it should be part of a coordinated response led by the C-suite and board, executing according to a pre-established IR plan.

It’s also important to note that having an IR plan is not enough – it also must be tested and reviewed on a continuous basis, and important procedures must be practiced frequently. Professional basketball players, for example, will practice hundreds of free-throws even though those shots are worth only a single point. Companies should spend the same amount of rigor on issues as important as responding to a ransomware attack that could cost their company millions of dollars.

The Evolution of Ransomware

Ransomware attacks, as they are executed today, are stressful enough for companies .... and it’s about to get worse. In 2021, we expect ransomware to become increasingly sophisticated and even more dangerous. Specifically, we believe:

1) Ransomware attacks will start to compromise our critical infrastructure, potentially holding entire regions of the country hostage.

2) Deepfake videos will move beyond a way to spread misinformation and morph into a new form of ransomware (i.e., extorting companies for money with the threat of releasing a damaging deepfake video).

3) As internet-enabled technology becomes more embedded in physical systems and medical devices, the loss of human life due to ransomware attacks will become a real consequence.

Having a coordinated business and cybersecurity IR plan is one of the most effective ways to overcome the fear of ransomware and minimize the business impact of these attacks. And, with ransomware attacks expected to become more complex and dangerous in the coming months, IR plans will become mandatory for an organization’s response capability and survivability.

If you don’t know where to start, learn from the experiences of companies that have previously been targeted by ransomware campaigns and seek the advice of cybersecurity experts. Don’t wait to act until it’s too late and your company is in full-fledged crisis mode. Put a plan in place today that will shore up your defenses against ransomware, and reduce the potential damage of successful attacks.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.