Ransomware is currently headline news and rightly so. Technology professionals around the globe have observed recent spikes in this form of cybercrime with alarm. The sheer volume of ransomware attacks in the first six months of 2021 is said to have eclipsed the 12-month total for 2020 and show little sign of slowing.
Recent trends demonstrate how ransomware attacks are becoming more complex. Some organizations are now facing double or even triple extortions. Hackers demand ransom to unencrypt drives, then to stop them from releasing sensitive corporate data, and then to stop them from releasing the data of that organization's customers or partners.
Given heavy news coverage of this issue, it can be hard to sort yesterday's story from the most pressing trends of today. Yet for IT security experts working in this space, one thing comes through loud and clear: common blind spots continue to place scores of organizations at risk. Companies looking to avoid becoming the next ransomware headline should take a hard look at whether they are falling into a few common traps.
False sense of security
Most organizations invest in technologies to protect against cyber-attacks, from firewalls to end point protections to layers of authentication and more. Yet this is only one part of the equation. Without a holistic approach that extends well beyond the systems themselves, organizations can cultivate a false sense of security.
Missing cyber in your disaster recovery plan
A range of challenges from COVID-19 to the growing number of natural disasters has fueled focus on Disaster Recovery (DR) and Business Continuity Planning. Yet for a surprising number of organizations, cyber risks like ransomware are not included as primary scenarios in their DR plans. There might be general reference to cyber breaches. But there's a big difference between a hacker gaining access to your network and a hacker paralyzing your operations with ransomware encryption.
Planning without practice
An Incident Response Plan or DR plan without intentional practice is as good as no plan at all. It's frankly surprising how few organizations take advantage of services like tabletop simulations. Given dependence on technology and the potency of cyber threats, working your plans through interactive simulation exercises should be standard operating procedure at least once, if not twice, per year. These tests should involve everyone with a key role to play: IT teams, senior executives, communications pros, legal and regulatory counterparts, front-line sales or customer service leads and outside technology partners.
Ignorance of what's on your network – and what matters most
For even mid-sized companies, IT networks are usually big and complex with many points of connection and layers of history. Many organizations are simply ignorant about everything on or attached to their networks, leaving room for significant vulnerabilities. Worse yet, many companies have not taken the time to identify the "crown jewels" of their data or systems. If a ransomware attack hits, you should already know what parts of your IT systems and data sets matter most, where they are and what precisely is connected to them.
Not consistently checking the logs
Dwell time refers to how long an intruder is in a given organization's network before being detected. While average dwell time is shrinking, many organizations still remain unaware of a breach for weeks or months. Some intrusions are difficult to detect but this issue points to a bigger problem – a lack of active management and monitoring of key systems. Sometimes this comes down to a painfully simple question: is anyone really combing through data from the logs?
Lack of executive-level vision and leadership
It's clear IT leadership requires a strategic seat at the table in the C-Suite and at the Board level. Yet responsibility and ownership for cybersecurity threats like ransomware cannot be the CIO's alone. All executive-level leaders must get smarter about today's threat matrix to develop a holistic security vision for the company – and then ensure it is executed.
Spending more time on tech than humans
Time spent on the technical aspects of cyber preparedness is vital. But it's clear we humans are often the weakest link. The importance of building a culture of cyber-awareness and engagement cannot be over-stated. Organizations must prioritize plain language communications that forefront "why this matters," as well as ongoing training and testing to build the right instincts among all employees and stakeholders.
Treating insurance like a plan
It's not surprising that the rise in cybercrime has been accompanied by a rise in cyber insurance. But while cyber coverage is helpful in a major incident, it should not be considered a solution or crutch. Drawing on a cyber insurance plan in an attack will mean ceding control (and your networks) to that insurer and its IT partners to resolve the situation how they deem best. Second, it can also mean gigantic increases in premiums or being blocked from securing future coverage, if your preparedness is deemed faulty.
The criminal operations that plan and perpetrate ransomware crimes are motivated innovators, always seeking the next angle or exploit. They set a mean pace and keeping up (if not ahead) requires an equal measure of focus and dedication from today’s organizational leaders – whether or not "technology" is in their titles.
Conducting an audit to identify the blind spots in your organization can make a significant difference in whether you fall prey to ransomware, and how well you respond if you do. Given the sheer complexity of the landscape, working with a trusted outside partner has become a necessity for many organizations. As the ransomware threat matrix continues to evolve, the team at ConvergeOne is here to help work through these issues to ensure the greatest levels of readiness and the best possible outcomes.