Ransomware attacks continue to rise at an alarming rate, yet ransomware is still an emerging market for cybercriminals and nation-state actors. Cybercriminals work hand-in-hand with nation-state actors. The sophistication of these attacks will continue to rise while the ecommerce boom raises ransom demands.
It is important to note that not all cyber threat actors are motivated by financial gain. Even when they are, the ransom demand may simply be too high, or your company or another third party may simply be unable to pay it. And even if you are able to pay the ransom, there is no guarantee that what you’re paying for will be fully restored.
According to the U.S. Treasury’s Office of Foreign Assets Control (OFAC), facilitating ransom payments to sanctioned hackers may be illegal, and companies may be punished. The Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions. This makes incident handling much tougher and makes ransomware prevention (i.e., proactive assessments and continuous monitoring to avoid impacts) even more important. The U.S. Treasury Department is effectively freezing the property and interests of particular cybercriminals and cybercrime groups, thus making it a crime to transact with them.
Trust, but verify! Typically, the cyber threat actors noted above successfully infiltrate networks through backdoor intrusions and phishing. To boost ransomware prevention, consider adopting multifactor authentication, zero trust architectures, and appropriate security control frameworks.
Is cybersecurity expensive? No, it’s scalable to the organization; but like everything in life, there is a cost. Organizations that have been impacted often go on a shopping spree, buying all kinds of security appliances and devices. Buying sprees do not equal better security; they only guarantee increased spend and, in many cases, wasteful spend.
Ensure proper oversight as a ‘check and balance’ against your IT staff, processes, technology and infrastructure through threat emulation penetration testing. Threat emulation penetration testing combined with a Virtual Chief Information Security Officer security gap analysis will allow your organization to make well-informed decisions.
During essential threat emulation exercises, certified and authorized hackers attempt to hack your environment. Additional ransomware prevention measures include but are not limited to implementing a bug bounty program, conducting incident response exercises, and ensuring 24/7/365 monitoring of the IT environment.
If your business does not have a Chief Information Security Officer (CISO) / Chief Security Officer (CSO), that is usually a red flag. Consider filling this gap with a qualified virtual CISO / CSO. Outsourcing this important role is affordable (including for small-to-medium sized enterprises) and has several advantages over a full-time position: higher qualifications and experience for the spend, cost savings over a full-time employee, help aligning and defining your security strategy, significantly reduced cyber risks, and less groupthink and wasteful spend, among many others.