Bad actors in cyberattacks become more sophisticated even when new cybersecurity solutions are innovated to thwart them. The one category of attack that demands more attention is ransomware as bad actors are developing new ways to pressure organizations into paying ransom payments, and a successful ransomware attack makes data recovery a challenge.
The concern for ransomware is prominent, but corporate executives do not want to spend on solutions without clear evidence of the improvements being made. This is a reasonable business decision as organizations do not want to shell out for something that has a chance of failing.
However, Info-Tech's findings go against what corporate executives believe. According to Info-Tech, organizations misunderstand the risk scenarios associated with ransomware attacks and underestimate the potential financial impact of an attack. The cost of an attack is more than just the ransom when a deeper look is taken. Recovery costs include detection and response, notification, lost business and post-breach response.
To help IT leaders improve their organizations’ abilities to gain better understandings of ransomware and defend against ransomware attacks in the current climate, Info-Tech Research Group published a new research-backed industry blueprint, Build Resilience Against Ransomware Attacks.
“Organizations need to focus on building resiliency to withstand these attacks instead of solely relying on response and recovery," said Michel Hébert, Research Director at Info-Tech Research Group. “The process of building resilience is like climbing a mountain, requiring time and planning and help from others to overcome challenges and work through problems.”
The firm recommends disrupting the attack at every stage of the attack workflow. This includes putting controls in place to prevent intrusion, improve detection, respond more quickly and recover more effectively.
To start, security leaders need to conduct a resilience assessment, build a risk scenario and determine the business impact. The firm recommends that security leaders conduct a thorough assessment of the current state of the organization, identify potential gaps and assess the possible outcomes of an attack.
After that, security leaders need to reduce the attack surface. According to the firm, this means to analyze attack vectors, prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection.
Finally, security leaders are recommended to go through a respond-and-recover step. This requires them to visualize, plan and practice ransomware response and recovery to reduce the potential impact of an attack.
Going back to what Hébert said, organizations need to become resilient against ransomware. Following the blueprint provided by the firm allows organizations to focus on what is in their control and cultivate strengths that allow them to protect assets, detect incursions, and respond and recover quickly in the future.
Edited by
Alex Passett
