Connect with us

Hi, what are you looking for?


Malware & Threats

How to Take Full Advantage of the Ransomware Wake-Up Call

Innovative Response to Ransomware Will Help Us Defend Against Still-Unseen Threats Down the Road

Innovative Response to Ransomware Will Help Us Defend Against Still-Unseen Threats Down the Road

The recent rise of ransomware, including widespread infections like the WannaCry outbreak, have had an unintentional benefit: security awareness and urgency is legitimately on the rise…for now. The ubiquity of victims, from small police departments to the largest enterprises, have caused conversations about security in the management meetings and boardrooms of companies of all sizes and across every industry. These leaders are finally asking themselves and their security teams, “Can this happen to us, and are we prepared?”

It’s the perfect opportunity for security professionals to invest their efforts in responding to this urgency. Here are three tips for having a productive conversation with leadership that turns their newfound attention into action, one that will not let this opportunity go to waste.

Bring the threat of ransomware home

While devastating to the victims, the recent rash of ransomware has been helpful in putting an objective and quantifiable face on modern threats associated in cybersecurity. While the usual security catalysts are fear, uncertainty, and doubt, the clarity of infectiousness and damage from ransomware have finally cast these threats as clear and present dangers.

Start by anchoring your description of the risks in publicly accessible and objective evidence. These widely publicized attacks have generated quality statistics and “what went wrong” stories of attacks relevant to any industry. Using these, you can present examples and scenarios that are specific to your industry, especially if it is among those more frequently targeted (such as healthcare or financial services). In almost every case, the ransom is the least of the damages, with the downtime, lost productivity, potential lost business, and reputation damage that hurt the most. The truth about these attacks is bad enough. These specific examples of companies similar to yours will  drive home the point that this really could happen to you.

More broadly, these recent attacks have proven that even the best organizations can find themselves exposed because of just a few small mistakes. Ransomware has become the great equalizer: Everyone is at risk, and we all have to be proactive in protecting ourselves and planning our response when attackers target our servers and endpoints.

Advertisement. Scroll to continue reading.

Develop a Communication Channel and Common Language

After reading accounts or watching coverage of some successful attack, concerned executives will predictably ask their security teams, “Are we secure? Are we OK?” This is a difficult question for security leaders because they aren’t really being asked the right question. The better question is “Are we doing enough of the right things to protect ourselves?”

Security is one area of concern and risk to the business, alongside lawsuits, earthquakes, and hostile acquirers. A good executive team wants to be sure that the area isn’t neglected, but knows that no organization can afford to do do absolutely everything. The security team, who worries every day about the myriad challenges and threats they see, recognizing that they are limited by staff, budget, or time might answer, “We’re doing the best we can.” The execs interpret that to mean that the best they can do is the best that can be done. But what the security team is really saying is that they still need to do more, and need more support.

There is often a sharp disconnect between the protection the executive suite thinks the company is achieving and actuality of the technical underpinnings to make that happen. Only by clearly defining the current threat landscape and the strategies, services and solutions required to mitigate it (including financial and human resources), can everyone be on the same page about the reality of threat protection. These public ransomware events provide a forum for this discussion.

Leverage ransomware to address bigger issues

As a security professional, you know that ransomware isn’t your only challenge — it’s just the one that happens to be getting most attention at the moment. But those same gaps that make you vulnerable to ransomware are also making you vulnerable to keyloggers, credential theft, accidental and intentional data leakage, or intellectual property crime. The good news is that good protection against ransomware will provide collateral protection for these other threats, targeting those same system.  

 Let ransomware be the signal flare that convinces executives it’s time to step up cybersecurity comprehensively. Ransomware is not the only campaign that starts with user errors and endpoint vulnerabilities. Protecting those systems against ransomware entry vectors, like file-based and file-less attacks, will also block the entry point for many other attacks. Focus on suggesting and adding solutions designed to address vulnerabilities that put you at risk for all malware, not just ransomware.   

The Key: Learn, act, and improve

Out of every hardship or challenge comes an opportunity to learn, to do better and innovate for continuous improvement. The Tyl
enol tampering scare of 1982 is a perfect example. In 1982, product packaging was much less rigorous, and there were no tamper-resistant seals on products in stores — that was until a series of deaths were traced to cyanide-laced Tylenol capsules that had been contaminated on store shelves. The crisis not only killed at least seven people and caused widespread panic among virtually every American household, it also completely changed product packaging in the U.S. Johnson & Johnson’s prompt response to the crisis and their rapid innovation in factory sealing every bottle that came off its manufacturing line set the standard for safety and protection in the marketplace. We now see those protections, seals, and warnings, everywhere.

 Today’s ransomware situation is similar — the pain so many companies have endured is raising awareness to the point that others are now recognizing the critical need to take comprehensive, preventative measures. The innovations we are seeing in response to the growing ransomware threat will help us defend against other still-unseen threats down the road. The key is ensuring that we learn from the mistakes and take action, instead of letting an opportunity for improvement pass us by.

RelatedRansomware: Where It’s Been and Where It’s Going

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...