Ransomware remains one of the biggest security threats in 2024. This follows a concerning resurgence in 2023, where more than $450 million in ransomware payments were reported in the first half of the year alone. The proliferation of Ransomware-as-a-Service (RaaS) and the subsequent attacks against a variety of businesses—from the smallest start-up to the most powerful multinational—reinforce what security professionals already know: ransomware is not going away. So how can organizations defend against it?
CISOs are regularly asked by stakeholders—including their executive team and board of directors—how resilient their business is to a cyberattack. That answer should be formulated based on two key elements: first, is the organization doing everything it can to protect against a cyberattack? And second, is the organization doing everything it can to ensure critical business functions can continue when an attack inevitably occurs?
Unfortunately, many modern businesses are still woefully underprepared to cope with a ransomware attack. In fact, according to a study conducted by S&P Global Market Intelligence, only half of companies that reported a ransomware attack had implemented a formal remediation and recovery plan after the incident occurred. Considering that ransomware groups are increasingly targeting critical infrastructure, healthcare, and other industries where delivering services can be a matter of life and death, it’s essential that organizations focus equally on both protection and recovery. Below, we discuss five things your organization can do now to enhance its resilience in response to the ever-increasing threat of ransomware.
Cybersecurity has become a business risk, not just a technical issue. Resilient companies create a strong cybersecurity culture from the top down, making security the responsibility of every employee, not just the IT/security team. Organizations that train employees to identify the most current social engineering attacks, create policies to guard against business email compromise (BEC), and implement good cyber hygiene—such as multi-factor authentication (MFA)—will significantly move the needle towards a stronger security posture.
Improving your company’s resilience requires first creating a security baseline. Tools like breach and attack simulation (BAS) are designed to validate security controls and provide a holistic view of your organization’s security ecosystem, so you can understand what the attack surface looks like, where security gaps exist, which network segments are most vulnerable, and which threat groups present the highest risk.
Then continuously test and track your company’s security posture over time. This approach allows security teams to identify what’s working well and which areas need improvement, such as control misconfigurations that may create security gaps. Understanding your security posture and its effectiveness is critical to making intelligent business decisions about risk prioritization and new investments.
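One way to put the "test and track over time" idea into practice is to keep the results of each control-validation run and compare runs rather than just scoring them. The script below is an added example, not part of the original post and not SafeBreach's code: the control names and the sample runs are constructed, and the technique labels are illustrative ATT&CK ids. It shows why a single posture score is not enough: the two runs score identically, yet one control has quietly stopped catching a technique it used to catch.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Result:
    control: str    # hypothetical control name (EDR, mail gateway, segmentation policy)
    technique: str  # illustrative ATT&CK technique id the simulation replayed
    outcome: str    # "blocked", "detected" or "missed"


# A control "covers" a technique if it either blocked it or at least raised a detection.
COVERED = {"blocked", "detected"}

# Constructed sample output of two validation runs; not real BAS data.
RUNS = {
    "2024-01-08": [
        Result("edr-endpoint", "T1059", "blocked"),
        Result("edr-endpoint", "T1486", "detected"),
        Result("mail-gateway", "T1566", "blocked"),
        Result("net-segmentation", "T1021", "blocked"),
        Result("net-segmentation", "T1048", "missed"),
    ],
    "2024-02-05": [
        Result("edr-endpoint", "T1059", "blocked"),
        Result("edr-endpoint", "T1486", "missed"),      # regression since last run
        Result("mail-gateway", "T1566", "blocked"),
        Result("net-segmentation", "T1021", "blocked"),
        Result("net-segmentation", "T1048", "blocked"),  # improvement since last run
    ],
}


def overall_score(results):
    """Fraction of simulated techniques that were blocked or detected in one run."""
    if not results:
        return 0.0
    return sum(1 for r in results if r.outcome in COVERED) / len(results)


def coverage_by_control(results):
    """Per-control coverage, so a weak control is not hidden by strong ones."""
    totals, covered = defaultdict(int), defaultdict(int)
    for r in results:
        totals[r.control] += 1
        if r.outcome in COVERED:
            covered[r.control] += 1
    return {c: covered[c] / totals[c] for c in totals}


def _outcome_map(results):
    return {(r.control, r.technique): r.outcome for r in results}


def find_regressions(previous, current):
    """(control, technique) pairs covered in the previous run but missed now.

    These are the cases worth investigating first: a policy change, an agent
    that stopped reporting, or a misconfiguration introduced between runs.
    """
    prev = _outcome_map(previous)
    return sorted(
        (r.control, r.technique)
        for r in current
        if r.outcome not in COVERED and prev.get((r.control, r.technique)) in COVERED
    )


def find_improvements(previous, current):
    """(control, technique) pairs missed in the previous run but covered now."""
    prev = _outcome_map(previous)
    return sorted(
        (r.control, r.technique)
        for r in current
        if r.outcome in COVERED and prev.get((r.control, r.technique)) not in COVERED
    )


def posture_trend(runs):
    """Chronological list of (run_id, overall_score) for charting over time."""
    return [(run_id, overall_score(runs[run_id])) for run_id in sorted(runs)]


if __name__ == "__main__":
    ids = sorted(RUNS)
    for run_id, score in posture_trend(RUNS):
        print(f"{run_id}: overall {score:.0%} {coverage_by_control(RUNS[run_id])}")
    prev, curr = RUNS[ids[-2]], RUNS[ids[-1]]
    print("regressions:", find_regressions(prev, curr))
    print("improvements:", find_improvements(prev, curr))
```

Both sample runs report 80% overall coverage, but the per-control breakdown and the regression list show that the endpoint control dropped from fully covering its techniques to covering half of them. Tracking the regression list from run to run, rather than only the headline score, is what turns validation output into a prioritized list of controls to fix.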
Addressing worst-case scenarios and having a contingency plan in place before you get breached can minimize the financial and operational fallout when you do. What’s the cost of downtime if an attacker takes your customer support or supply chain operation offline? Are there backups in place? Have you segmented critical network operations or created redundancy? How do you contain the damage, and how quickly can you recover?
Just as importantly, how will you communicate the breach to your employees, customers, shareholders, and the board? The CEO must work proactively with the CISO, legal team, and other company officers to develop a comprehensive communication plan that can be executed as soon as a breach occurs.
At the end of 2023, the SEC adopted new rules that require public companies to notify investors within four days following the determination of a material cyber incident. Businesses are also required to provide a written record documenting the methods and strategies of their cybersecurity program. These rules add a new level of accountability for publicly traded companies and mark a profound shift in how businesses are required to manage their cybersecurity risks.
A recovery plan will only be successful if it has been vetted and rehearsed well in advance of any cyber breach. Organizations need to complete drills around their plans regularly to ensure that everyone knows what to do when a breach occurs. These drills should include tabletop exercises, simulations, and chain-of-command communications. The timing will be critical, so all actions undertaken by the company should be agreed to and planned well in advance of such an incident.
More businesses are turning to cyber insurance as an added layer of protection from ransoms and regulatory fines. However, to manage the increasing volume of ransomware incidents, insurance providers have raised their prices, restricted coverage, and added more stringent underwriting processes. These changes have put incredible pressure on security and risk leaders, who are paying significantly more today for less coverage, if they qualify at all.
Demonstrating hard evidence of your company’s cyber resilience can help an applicant gain approval for coverage and may even help reduce the cost. Running real-world attack scenarios against production environments is a powerful way to validate that controls are in place, properly configured, and working as promised. A company’s ability to validate the effectiveness of its security controls is a strong measure of its resilience and shows insurance providers that it is indeed worth the risk.
The best defense against ransomware is a post-breach mindset. In other words, assume you will be breached and develop a solid plan to mitigate the impact. Implementing a robust security strategy is critical to protecting your company’s operations and customers, but you’ll always be outnumbered by malicious actors. Unfortunately, they only need to succeed once.
To ensure your company isn’t included in the next ransomware attack headline, prepare for a worst-case scenario and focus on a recovery plan that minimizes the impact of the attack. That is the very essence of resilience.
The SafeBreach BAS platform can play a critical role in an organization’s ability to both implement this type of proactive approach to cybersecurity and clearly communicate it to key stakeholders—like their board, customers, and shareholders. To learn more about how SafeBreach can help improve cyber resilience by validating security controls and monitoring your risk, schedule a discussion with a SafeBreach cybersecurity expert today.