The acceleration of digital transformation, the shift to work from anywhere, and a talent shortage have dramatically changed the cybersecurity space over the past two years. These changing factors have expanded attack surfaces, exposed the weaknesses of legacy security solutions, and given rise to ransomware campaigns. Threat actors who once focused on stealing personally identifiable information (PII) and financial records are now opting to halt an entire organization's operations and hold them for ransom. From small businesses to enterprises and from local municipalities to the federal government, no one is safe.
But has ransomware helped advocate for cybersecurity in some ways? It sounds like a provocative claim, but it's one that I’ve had recent discussions about with other cybersecurity leaders and executives.
I enjoy networking with my peers, and this is certainly a topic that keeps coming up. Based on my discussions, there's a growing consensus that ransomware has evolved into the number one threat to enterprise security. Talent shortages are impacting our teams' readiness to combat the threat, but preventative approaches may be a security leader's best strategy for protecting the organization from the growing ransomware threat.
With that in mind, I want to quickly share three areas that I believe are important for security leaders to focus on from a strategic standpoint in order to use ransomware as a way to bolster security.
Elevating the conversation
There's a saying among people in the industry that you shouldn't waste a good event. The meaning is that a tangible impact on the business, such as a breach or a data loss event, is a great time to remind senior leadership and users about the importance of cybersecurity. It's clear that the rise of ransomware over the past several years, and its entrance into corporate consciousness, has given us the opportunity to elevate cybersecurity discussions to their proper level.
If nothing else, ransomware has shown business leaders that keeping the supply chain and day-to-day operations running may be as valuable as, or more valuable than, the assets security has traditionally protected, such as credit card data or inventory. This is a dramatic shift, and it is leading to elevated, healthy conversations with the C-suite and the board about the value of shifting resources to harden the organization's cybersecurity posture. What would happen if the company were attacked? How would it fare? What impact would an attack have on operations? And what can be done to mitigate the impact of an attack?
These are all great conversations to have. People are starting to understand that everyone is a target and anyone can be monetized by attackers.
Simplifying security through automation
The other opportunity around ransomware is the drive to refocus on security fundamentals. Ransomware is just the payload; it is delivered by the same initial-access tactics as other malware and threats. The relative simplicity of the attacks and the growing talent shortage in the cybersecurity industry are forcing us to simplify security operations, automate as much as we can, and draw on expertise and resources from the infrastructure and DevOps teams. Security is a team event now, and everyone up and down the tech stack is contributing.
One important thing to note is that we can't just throw people at the problem anymore. Stopping ransomware requires a basic security foundation combined with risk assessment. As we plug gaps in coverage, other threats that use the same delivery tactics will be stopped as well, hardening our security posture along the way.
Shifting from reactive to proactive
Ransomware is forcing companies to abandon the old reactive way of dealing with cybersecurity threats in favor of a more proactive, preventative approach. Until very recently, many organizations opted to pay the ransom and move on. But as more companies ate the cost, attackers started increasing their demands. A typical ransom used to be $10,000 to $20,000; now ransoms are in the millions of dollars. Organizations are creating mitigation and response plans and getting stakeholders across the organization involved. How can an attack be contained? How can we mitigate the damage? And how do we remediate the issue so it doesn't happen again? These rising ransoms have turned prevention into a long-term strategy.
So, has ransomware helped advocate for continued investment in and focus on cybersecurity? Based on the conversations I'm having, it has. Ransomware has made cybersecurity a primary concern for executive leadership, it has led to better security operations through automation, and it has forced organizations to take a proactive approach to stopping threats.