C-suite unprepared for NotPetya and other extinction-level cyberattacks

Many executives either don't know what their company's cyber defense is, lack budget, or spend too much time analyzing rather than taking action.


In a new poll of 2,800 cyber security practitioners and C-suite executives, 65% cite destructive cyber attacks like NotPetya as a top cyber security concern. The poll was conducted during the Deloitte webinar, "Is Business Ready for an Extinction-level Event?"

Most respondents said that destructive malware and ransomware negatively impacts business operations, the ability of executives to do their jobs, the organization's reputation, and stakeholder relationships.

"[The findings don't] completely surprise me," said Pete Renneker, a principal in Deloitte Cyber. "It is interesting to see the variety of responses in the 'How concerned is your organization?' question. We are seeing this movement up the risk radar as it refers to this threat. Right now, we're seeing a lot of activity around ransomware and there's a financial motive. The more concerning threat is a bad actor whose motive is not financial gain but is societal destruction."


To counter the rise of ransomware and destructive malware, 36% of respondents said they are using both technical solutions and business continuity planning. An equal number said they did not know of their organization's plans or defenses, and 8.5% said they have neither technical solutions nor business continuity plans in place.

The biggest reason for a lack of defenses and recovery options, cited by 26% of respondents, was not enough budget. Lack of awareness and "paralysis by analysis" were holding back another 26% of respondents. "Ownership confusion" was hampering the efforts of 7.5% to defend the organization. And just over 11% are still deciding whether they want to buy or build a solution.

Of those respondents who are actively working to defend against these attacks, "a comprehensive approach to cyber resilience" (27%) and "stronger cyber defense and detection" (19%) were cited as the two main ways they are improving their defenses. "Increased executive awareness" (12%), "improved cyber incident response" (11.5%), and "an isolated recovery environment" (7%) rounded out the remaining responses.

"A lot of firms have great resiliency as far as business continuity," said Benjamin Romero, a consulting manager in the digital security division of the risk consultancy Crowe. "They have hot sites that are geographically dispersed and they test multiple times a year. And the attitude is, 'This is good and that it will take care of everything.' But what is missed is what happens if that resiliency backfires and you are sending [recovery] data that is corrupted? How do you recover from that? For many firms, that means starting from scratch. So it's really an attitude issue that is now being resolved and I don't think that it's too difficult to overcome."

Image: Deloitte

According to Deloitte, the reasons destructive malware like NotPetya was so successful at infecting so many systems at so many companies in such a short span of time were:

· Poor access management: Allowing access to systems by users and applications that do not need access to those systems to do their jobs or, in the case of an application, to execute a function.

· Weak cyber hygiene: Missing patches, misconfigured systems, partially deployed security tools, and poor asset discovery and tracking.

· Poor asset management: Not understanding what devices and applications are on the network and the relationships between them.

· Flat networks: Minimal network segmentation and zoning allow lateral movement within the network, expanding an adversary's opportunities to wreak havoc.

· Aggressive redundancy: Traditional recovery best practices call for aggressive data redundancy for critical systems. When malware is introduced, these backup capabilities can actually accelerate the spread of malware across environments.

· Limited business awareness: Leaders who are unaware of the gaps in their defenses and of the need to constantly defend against new and emerging threats designed to subvert existing defenses.
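The "aggressive redundancy" point, and Romero's remark about replicating corrupted recovery data, are easiest to see with a small simulation. The following is an added example, not code from the article or from Deloitte: it contrasts a mirror scheme that copies every write to all replicas at once with point-in-time snapshots that are kept immutable and validated before restore. The toy file format (a magic header plus CRC32 trailer), the replica names, and the payroll data are all constructed assumptions, and the "destructive event" is simply an overwrite with zero bytes.

```python
"""Added example (not from the article): mirrored redundancy replicates damage,
versioned and validated backups let you locate the last good copy.
File format, host names and data are constructed assumptions."""
import hashlib
import zlib
from typing import Dict, List, Optional

MAGIC = b"PAYROLLv1"  # assumed toy format: magic header + payload + 4-byte CRC32


def encode_record(payload: bytes) -> bytes:
    """Wrap a payload in the toy format so a restore can validate it."""
    crc = zlib.crc32(payload).to_bytes(4, "big")
    return MAGIC + payload + crc


def is_valid_record(blob: bytes) -> bool:
    """Restore-time format check: header and CRC32 trailer must both match."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return False
    payload, crc = blob[len(MAGIC):-4], blob[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == crc


class MirrorBackup:
    """'Aggressive redundancy': every write is pushed to all replicas immediately.
    Whatever lands on the primary, good or corrupt, lands everywhere."""

    def __init__(self, replicas: List[str]) -> None:
        self.replicas: Dict[str, Dict[str, bytes]] = {name: {} for name in replicas}

    def write(self, path: str, data: bytes) -> None:
        for store in self.replicas.values():
            store[path] = data

    def restorable_copies(self, path: str) -> List[str]:
        """Names of replicas whose copy of `path` passes validation."""
        return [name for name, store in self.replicas.items()
                if path in store and is_valid_record(store[path])]


class VersionedBackup:
    """Point-in-time snapshots kept immutable, each with a digest recorded at capture."""

    def __init__(self) -> None:
        # each entry: (label, {path: data}, {path: sha256 hex digest})
        self.snapshots: List[tuple] = []

    def snapshot(self, label: str, files: Dict[str, bytes]) -> None:
        frozen = {p: bytes(d) for p, d in files.items()}
        digests = {p: hashlib.sha256(d).hexdigest() for p, d in frozen.items()}
        self.snapshots.append((label, frozen, digests))

    def last_good(self, path: str) -> Optional[str]:
        """Newest snapshot whose copy of `path` is both untampered and valid."""
        for label, files, digests in reversed(self.snapshots):
            data = files.get(path)
            if data is None:
                continue
            if hashlib.sha256(data).hexdigest() != digests[path]:
                continue  # backup store itself was altered after capture
            if is_valid_record(data):
                return label
        return None


def run_scenario() -> dict:
    """Two days of backups for one constructed file under both schemes."""
    path = "payroll.db"
    good = encode_record(b"emp=42;total=1234500")   # constructed sample content
    corrupt = b"\x00" * 32                           # stands in for a wiped primary file

    mirror = MirrorBackup(["site-a", "site-b", "site-c"])
    versioned = VersionedBackup()

    # Day 1: healthy file, both schemes capture it.
    mirror.write(path, good)
    versioned.snapshot("day1", {path: good})
    # Day 2: destructive event overwrites the primary; both schemes copy it faithfully.
    mirror.write(path, corrupt)
    versioned.snapshot("day2", {path: corrupt})

    return {
        "mirror_restorable": mirror.restorable_copies(path),   # expected: []
        "versioned_last_good": versioned.last_good(path),      # expected: "day1"
    }


if __name__ == "__main__":
    print(run_scenario())
```

The mirror has three geographically dispersed copies and none of them is usable, which is exactly the backfire Romero describes. The versioned store has the same corrupt day-2 capture, but retention of the day-1 snapshot plus a validity check at restore time turns "start from scratch" into "roll back one day". The digest check is separate from the format check: it catches a backup that was modified after capture, while the format check catches a faithful copy of an already-damaged source.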

About the online poll

On Dec. 4, 2019, a Deloitte Dbriefs webcast, titled "Cyber recovery: Surviving a digital extinction-level event," polled more than 2,800 C-suite and other executives about cybersecurity and cyber recovery protocol. Answer rates differed by question. 


Image: Deloitte