Most executives cite ransomware as their biggest security concern but few have run simulated attacks to prepare, says Deloitte.
A successful ransomware attack can overwhelm an organization as we've seen many times, especially over the past several months. But while most organizations acknowledge the threat and risk of such attacks, how many are truly ready to defend themselves against one? New information from Deloitte examines whether organizations are properly prepared against a ransomware attack and offers advice on how to combat such attacks.
Conducting an online survey of 50 C-suite and other executives in June 2021 about cyber threat detection and response, Deloitte found that almost 87% expected the number of cyberattacks targeting their organizations to increase over the next 12 months. Further, 65% of the respondents cited ransomware as their greatest security concern over the next year.
However, only some are fully ready for such an attack. Specifically, just 33% said they've run simulated ransomware attacks to prepare themselves for this type of incident. Some 54% said that they have an incident response plan for cyberattacks in general but nothing specific to ransomware. And 6% admitted that they're largely unprepared for any type of attack.
"As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions," said Curt Aubley, Deloitte Risk & Financial Advisory's detect and respond practice leader. "There's no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events."
But to be effective, cyber risk management and event preparation programs need support from the executive and board-level areas of an organization, according to Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure security solution leader. Top executives must understand the role they play in preventing an attack, namely by offering oversight, governance and tone from the top as well as direct support for attack responses.
To determine how prepared they are to handle a ransomware attack, business leaders should ask the following five questions, Norton recommends.
- Does your organization's cyber incident response plan specifically address ransomware attacks? Many organizations have created and tested cyber incident response plans but not all have such a plan and not all plans directly focus on ransomware attacks.
- Has your organization considered Zero Trust to boost your security posture against ransomware and other threats? Cybercriminals can easily exploit security gaps created by digital transformation, M&A activity, rapid cloud adoption and remote work. Removing the automatic or inherited trust given to users, workloads, networks and devices can help your organization compensate for these gaps.
- Does your organization appreciate how ransomware attackers can exploit your use of emerging technologies to propagate attacks? And are you leveraging emerging technologies to better protect your organization from those threats? Certain technologies implemented by companies as part of their digital transformation process can benefit attackers in certain ways. But you can also use those technologies to your advantage. The goal is to understand how these technologies increase your cyber risk exposure and how to use them to improve your security.
- How does your organization test for ransomware vulnerabilities? Frequent penetration testing can help you identify key vulnerabilities to learn how critical systems and assets can be accessed. Business continuity and disaster recovery testing can determine if redundant backups are available to support your business resiliency plans. But ransomware can easily propagate throughout your network, so traditional backup and recovery plans may not be enough. Testing your ransomware incident response plans through simulations can help build "muscle memory" around roles, responsibilities and protocols in the event of an attack.
- Does your organization conduct threat hunting to help manage ransomware risk? Many organizations are going on the offense in cyber risk management by proactively identifying new attack patterns and new attackers before they can cause damage. By finding undetected ransomware, malware and other cyber threats, you can investigate and remediate potential threats before they get out of hand.