Ransomware is not over: Lessons learned from the latest real-world attacks
By CJ Dietzman
Listen to the audio version:
During Cybersecurity Awareness Month, it’s timely to reflect on some of the recent ransomware attacks that have occurred across industry sectors, including some very high-profile incidents occurring as recently as September. There are several factors enabling these attacks:
- Social engineering and the exploitation of human behavior continue to work for cyber criminals, as they leverage methods and techniques that target employees, staff and other personnel to achieve intended results.
- Technical vulnerabilities across the IT architecture are still offering a vast array of attack vectors and opportunities for cyber criminals to gain access to critical systems and sensitive data.
- Cyber incident readiness and response planning must be continuously monitored, reviewed, tested and enhanced. Weakness in incident response plans and procedures often contribute to costly errors and missteps for organizations during a cyber incident and crisis.
- Stagnant controls and weak spots in security tools, processes and configurations can lead to a false sense of security and readiness. Identifying the right security controls and tools is just one step in maintaining a reasonable cybersecurity architecture.
Four immediate steps for organizations to take to improve cybersecurity and resilience programs:
- Revisit incident response plans – It may be time to take a fresh and more critical look at existing IR plans and ask some key questions. Is the scope of the existing plan sufficient, based on recent changes to the organization’s business, technology stack and population of third parties? Have the right stakeholders been engaged in the development of the plan? When was the last test or tabletop exercise conducted, and was the scope and approach aligned with today’s most likely cyber threats?
- Drive for heightened cyber awareness - Enhance the organization’s approach to cybersecurity awareness and training by investing in more dynamic, engaging and effective methods. This should include more dynamic engagement with staff, employees and other resources, including a multi-layered approach throughout the year.
- Integrate cyber risk management, security and business leadership – In order to address the ever-evolving cyber threats facing organizations today, an effective approach demands that risk managers bring the best of the organization’s leadership to address the challenge. This requires input from a cross-disciplined team of stakeholders, in order to ensure the organization has truly optimized its cyber posture. The risk manager can serve as the “lynch pin” in the process.
- Enhance vigilance in security controls – A foundation of integrated cybersecurity controls, policies, procedures and tools are critical to any organization’s cyber risk management program. It’s no longer sufficient to rest on the laurels of yesterday’s controls; there must be ongoing monitoring of these controls, in addition to validation, independent testing, remediation and enhancement. In order to provide a reasonable and defensive level of cyber resilience for an organization, the level of innovation and enhancement in organizational security must consider the current and future state of cyber threat activity.
At Alliant Cyber, we are proactively working with our clients to deploy an integrated approach to cyber risk management, including assessing, quantifying, mitigating and transferring cyber risks. Our clients are seeing better cyber insurability outcomes and positioning themselves in an improved overall cyber security posture against emerging threats.
Alliant note and disclaimer: This document is designed to provide general information and guidance. Please note that prior to implementation your legal counsel should review all details or policy information. Alliant Insurance Services does not provide legal advice or legal opinions. If a legal opinion is needed, please seek the services of your own legal advisor or ask Alliant Insurance Services for a referral. This document is provided on an “as is” basis without any warranty of any kind. Alliant Insurance Services disclaims any liability for any loss or damage from reliance on this document.
News & Resources
Cyber Risk & Security Considerations in the Construction Industry
Embracing innovation is no longer an option, but a necessity. Construction companies across the industry are prioritizing innovation, with a focus on new offerings, business models and technology enablement.
Specialty Podcast: What's In Store For Cyber in 2023?
David Finz, Alliant, welcomes Jay Stampfl, Brendan Hall and CJ Dietzman, Alliant Cyber, to the podcast. The Alliant Cyber team discusses the evolving threat landscape and what clients can look forward to in 2023.