Ransomware is not over: Lessons learned from the latest real-world attacks

Listen to the audio version: 

During Cybersecurity Awareness Month, it’s timely to reflect on some of the recent ransomware attacks that have occurred across industry sectors, including some very high-profile incidents occurring as recently as September. There are several factors enabling these attacks:

• Social engineering and the exploitation of human behavior continue to work for cyber criminals, as they leverage methods and techniques that target employees, staff and other personnel to achieve intended results.
  
  
• Technical vulnerabilities across the IT architecture are still offering a vast array of attack vectors and opportunities for cyber criminals to gain access to critical systems and sensitive data.
  
  
• Cyber incident readiness and response planning must be continuously monitored, reviewed, tested and enhanced. Weakness in incident response plans and procedures often contribute to costly errors and missteps for organizations during a cyber incident and crisis.
  
  
• Stagnant controls and weak spots in security tools, processes and configurations can lead to a false sense of security and readiness. Identifying the right security controls and tools is just one step in maintaining a reasonable cybersecurity architecture.
  
  

Four immediate steps for organizations to take to improve cybersecurity and resilience programs:

1. Revisit incident response plans – It may be time to take a fresh and more critical look at existing IR plans and ask some key questions. Is the scope of the existing plan sufficient, based on recent changes to the organization’s business, technology stack and population of third parties? Have the right stakeholders been engaged in the development of the plan? When was the last test or tabletop exercise conducted, and was the scope and approach aligned with today’s most likely cyber threats? 
   
   
2. Drive for heightened cyber awareness - Enhance the organization’s approach to cybersecurity awareness and training by investing in more dynamic, engaging and effective methods. This should include more dynamic engagement with staff, employees and other resources, including a multi-layered approach throughout the year.
   
   
3. Integrate cyber risk management, security and business leadership – In order to address the ever-evolving cyber threats facing organizations today, an effective approach demands that risk managers bring the best of the organization’s leadership to address the challenge. This requires input from a cross-disciplined team of stakeholders, in order to ensure the organization has truly optimized its cyber posture. The risk manager can serve as the “lynch pin” in the process.
   
   
4. Enhance vigilance in security controls – A foundation of integrated cybersecurity controls, policies, procedures and tools are critical to any organization’s cyber risk management program. It’s no longer sufficient to rest on the laurels of yesterday’s controls; there must be ongoing monitoring of these controls, in addition to validation, independent testing, remediation and enhancement. In order to provide a reasonable and defensive level of cyber resilience for an organization, the level of innovation and enhancement in organizational security must consider the current and future state of cyber threat activity.   

At Alliant Cyber, we are proactively working with our clients to deploy an integrated approach to cyber risk management, including assessing, quantifying, mitigating and transferring cyber risks. Our clients are seeing better cyber insurability outcomes and positioning themselves in an improved overall cyber security posture against emerging threats. 

See More Cybersecurity Awareness Month Resources