The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organizations experienced a cybersecurity incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritized improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?
Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.
The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019). While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organizations are at risk. And in time, all organizations will become a target, which is why it’s time for IT and business leaders to implement tough cybersecurity protocols.
The ransomware waiting game is more dangerous than ever
In January 2022, hackers breached data centers in Bernalillo County, New Mexico. Days of critical infrastructure outages followed, including the shutdown of security cameras and automatic locking mechanisms inside the county’s largest detention center. Months after subverting the ransomware agents, officials in Bernalillo County implemented a robust cybersecurity strategy that included endpoint detection and response (EDR) systems, multi-factor authentication (MFA) on all employee accounts, 24/7 security monitoring and new virus-scanning software.
Bernalillo County’s ransomware breach and subsequent response provide several lessons learned. First, the attack demonstrates that ransomware can harm organizations and citizens in non-monetary ways. During the incident, Bernalillo County residents experienced critical service outages, and county inmates were limited to their cells for several days. This tracks with Gartner’s prediction that ransomware attacks will cause increasing harm in the physical world, even resulting in human casualties as early as 2025.
The incident also provides an example of a firm (if delayed) response to combating ransomware. Necessary cybersecurity precautions like MFA, remote monitoring and EDR go a long way toward preventing successful ransomware attacks — but only if professionals deploy them before a cyberattack. Unfortunately, many business leaders continue to wait for a reason to implement robust cybersecurity protocols. As a result, their organizations eventually and inevitably suffer like the residents of Bernalillo County.
Prioritizing a proactive security strategy is critical
Organizations don’t have to satisfy or compromise with ransomware agents. Business and IT leaders have access to the same evolving AI and machine learning (ML) capabilities that modern hackers employ, which means organizational cybersecurity can be equally effective and agile. Decision-makers looking to prevent the collateral damage caused by cyberattacks must implement a ransomware protection strategy today.
More often than not, adequately tactile protection plans require a third-party vendor to provide security insights or monitoring capabilities. But business and IT leaders should only consider Ransomware Protection as a Service (RPaaS) solutions that offer adaptive strategies for cloud-based, on-prem and hybrid data centers. Doing so ensures that as an organization grows — or, in some cases, shrinks — its cybersecurity package can scale without additional software.
And that level of scalability is more important than ever before. According to Gartner, 30% of enterprises will adopt an all-in-one SaaS cybersecurity solution by 2024. This indicates that consolidation and optimization are top considerations when selecting additional services right now. As such, business leaders should consider a cybersecurity solution that offers a wide range of interoperable managed services.
Cybersecurity in hybrid work environments
Leaders must also carefully vet all offerings provided by possible cybersecurity vendors. At the minimum, a chosen provider should offer EDR and Security Information and Event Management (SIEM) solutions.
EDR is a critical component of a rigorous cybersecurity program, particularly in the hybrid work environment, in which employee devices (or endpoints) are scattered across the globe. The existence of various endpoints presents a new cybersecurity challenge. It also solidifies the importance of trusted cybersecurity parameters like MFA and single sign-on (SSO) protocols that protect network access points from bad actors. EDR systems provide IT and business leaders peace of mind, regardless of their employees’ locations.
Similarly, SIEM provides leaders with a necessary component of operational efficiency in a complicated working world: Data visibility. When employed systemwide, SIEM collects data and compiles all insights into a unified dashboard. This feature removes the noise from organization-critical information, empowering IT professionals to make well-informed cybersecurity decisions. Using ML, SIEM can also suggest enhanced security measures and improved efficiency tailored to its host organization.
Should an attack occur, AI-backed solutions reduce threat vectors and associated costs. According to IBM, organizations that successfully implement AI-based applications like SIEM resolve cyber threats 27% faster than their competitors. And since prolonged data breaches can make the difference of millions of dollars in losses, organizations should consider adopting RPaaS tools like EDR and SIEM sooner rather than later.
Ransomware: Preparing for the “when,” not the “if”
The first step to addressing ransomware threats is to accept that your organization will be a target sooner or later. Coming to this realization will become even more crucial as we witness an increased interest in casual ransomware via RaaS, and as international conflicts increase the likelihood of large-scale breaches.
There is good news: Although ransomware attacks are inevitable, breaches are not. With a robust cyber defense, organizations can prevent financial losses and mission-critical service outages. The key to preparing for a phishing or ransomware attempt is seeking a trusted partner to aid in your journey.
But there are other opportunities for critical improvements in cyberinfrastructure. For example, organizations can — and should — conduct education campaigns for personal cyber hygiene. Employees are often the first line of defense against cyber attacks, and nearly 90% of data breaches are caused by human error.
In other words, awareness doesn’t stop with business leaders. Our modern working world would benefit from a paradigm shift when it comes to cybersecurity. After all, employing the help of a verified partner or educating colleagues on the importance of cyber defense may be the difference between “business as usual” and millions in financial losses.
Allen Jenkins is CISO and VP of cybersecurity consulting at InterVision