- The majority of C-suite executives are confident in their organization's protection against ransomware, despite an uptick in recent attacks, research from (ISC)² shows. Just 15% report a lack of confidence.
- The increase in confidence levels may come from an overall increase in communication between business leaders and their security teams, (ISC)² said. The (ISC)² Ransomware Study surveyed 750 C-suite executives from U.S.- and U.K.-based organizations with more than 500 employees.
- Confidence in ransomware preparation can vary by sector but are largely unaffected by the recent increase in ransomware attacks. Organizations in financial services, logistics/supply chain and manufacturing/energy are all slightly more confident in their ransomware protection following the attacks from 2021.
While it's important for non-IT and security leaders to have buy-in, CISOs have the responsibility to level with their C-suite counterparts on the true threat of ransomware.
"If cybersecurity professionals feel their C-suite is overconfident about ransomware, it's time to speak up and deliver a dose of reality," the report said.
Regulatory fines caused by a ransomware attack are the top concern for respondents, followed by data or intellectual property loss. With data loss a top risk factor in ransomware — either locked or stolen data — it's up to CISOs to educate other business leaders about the most relevant risks to the threat.
CISOs can use the top areas of concern to educate their C-suite on what needs the most attention using business terms, benchmarks or comparative analysis to round out the context.
While it's tempting to show the board what the day-to-day operations and threats the SOC deals with, when speaking to the C-suite and board, CISOs need to understand:
- What are you asking for?
- What do you need from the board?
- How at risk is the business?
- What areas are lacking appropriate protection?
Since last year's ransomware attacks increase, organizations in healthcare cited the greatest increase in communication between security and other business leaders, (ISC)² found. However, communication declined in logistics, education, and manufacturing and energy.
Gartner recommends companies engage in a continual learning process for preventing ransomware attacks, according to Michael Hoeck, senior director analyst at Gartner, while speaking during the virtual Gartner Security & Risk Management Summit in November.
"You have to be able to run this scenario, you have to play through the scenario, you have to do the tabletop exercises, you have to perform the restore process," said Hoeck. "Take a system down to the bare bones, and reconstruct it to find out how long it really takes, and see how well it matches up to what the business is expecting."
"A lot has to do with some capabilities you already have today, or technology that's in place today," when it comes to backups, said Hoeck.
Some of the requirements of a continual learning process is keeping tabs on what applications are mission-critical, knowing the backup capabilities of a vendor and considering a secure isolated recovery environment.
C-suite executives want visibility into how security works with IT, with 38% asking for assurance that back-ups and restoration plans are unaffected in the event of a ransomware attack, (ISC)² found. One-third of respondents want to know what is needed to restore minimal operations following an attack, including backups, identifying priority systems, and restoring basic functions.