The State of Ransomware: A Bigger Fear Than COVID-19

  • By Brian Wrozek
  • Jan 04, 2021

What do security professionals fear more this holiday season – ransomware or COVID-19? Believe it or not, they’re more concerned with the former.

That’s according to a flash survey of nearly 50 senior cybersecurity professionals taken at Optiv Security’s November OptivCon Virtual event. When asked, “What do you think is the greater threat to your business this holiday season: Ransomware or COVID-19?,” 60% of respondents said ransomware.

These survey results reveal just how big of a problem the ransomware epidemic is: We’re in the midst of a global health pandemic that has taken trillions of dollars out of the global economy, yet many security professionals are more fearful of ransomware. Why? In many cases, it’s because they don’t have an effective ransomware incident response (IR) plan in place – and therefore, they don’t know what to do when a ransomware attack occurs.

Another Communications Breakdown

While the solution to the ransomware problem might seem simple (prepare for it and put a plan in place!), there’s an underlying reason why so many companies are caught unprepared when the crisis strikes – and it’s rooted in the classic disconnect between cybersecurity and the boardroom.

Company leaders don’t understand that ransomware is a corporate crisis – not a cybersecurity problem. They think it’s the CISO’s job to block ransomware attacks, rather than leadership’s job to be prepared to respond to a successful attack. Unfortunately, this narrow view of the ransomware problem dramatically increases the potential harm that can result from the attacks.

The Ransomware Playbook

Similar to the IR plans and playbooks developed for data breaches, successfully dealing with ransomware also requires a strategic IR plan that methodically details the procedures for rapid response to and containment of incidents. The overall goal is to limit the risk of impact to the business.

At a minimum, an IR plan should include:

  • Working backups,
  • Detection and prevention controls,
  • Data classification and valuation of data,
  • Communication trees and templates, and
  • Rules of engagement with ransomware dealers.

On this last point, in the event of a successful ransomware attack, organizations have three choices: 1) they can attempt to recover from the compromise; 2) they can pay the ransom or attempt to negotiate; or 3) they can do nothing at all. The FBI’s stance is to NOT pay or negotiate with cybercriminals. While this is certainly a best practice and the outcome you hope for, it might not always be possible – for example, hospitals with patients’ lives on the line or companies that will go out business if they don’t pay up may have no choice but to pay. This decision is up to each individual company – and it should be part of a coordinated response led by the C-suite and board, executing according to a pre-established IR plan.

It’s also important to note that having an IR plan is not enough – it also must be tested and reviewed on a continuous basis, and important procedures must be practiced frequently. Professional basketball players, for example, will practice hundreds of free-throws even though those shots are worth only a single point. Companies should spend the same amount of rigor on issues as important as responding to a ransomware attack that could cost their company millions of dollars.

The Evolution of Ransomware

Ransomware attacks, as they are executed today, are stressful enough for companies .... and it’s about to get worse. In 2021, we expect ransomware to become increasingly sophisticated and even more dangerous. Specifically, we believe:

1) Ransomware attacks will start to compromise our critical infrastructure, potentially holding entire regions of the country hostage.

2) Deepfake videos will move beyond a way to spread misinformation and morph into a new form of ransomware (i.e., extorting companies for money with the threat of releasing a damaging deepfake video).

3) As internet-enabled technology becomes more embedded in physical systems and medical devices, the loss of human life due to ransomware attacks will become a real consequence.

Having a coordinated business and cybersecurity IR plan is one of the most effective ways to overcome the fear of ransomware and minimize the business impact of these attacks. And, with ransomware attacks expected to become more complex and dangerous in the coming months, IR plans will become mandatory for an organization’s response capability and survivability.

If you don’t know where to start, learn from the experiences of companies that have previously been targeted by ransomware campaigns and seek the advice of cybersecurity experts. Don’t wait to act until it’s too late and your company is in full-fledged crisis mode. Put a plan in place today that will shore up your defenses against ransomware, and reduce the potential damage of successful attacks.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3