Innovative Response to Ransomware Will Help Us Defend Against Still-Unseen Threats Down the Road
The recent rise of ransomware, including widespread infections like the WannaCry outbreak, have had an unintentional benefit: security awareness and urgency is legitimately on the rise…for now. The ubiquity of victims, from small police departments to the largest enterprises, have caused conversations about security in the management meetings and boardrooms of companies of all sizes and across every industry. These leaders are finally asking themselves and their security teams, “Can this happen to us, and are we prepared?”
It’s the perfect opportunity for security professionals to invest their efforts in responding to this urgency. Here are three tips for having a productive conversation with leadership that turns their newfound attention into action, one that will not let this opportunity go to waste.
Bring the threat of ransomware home
While devastating to the victims, the recent rash of ransomware has been helpful in putting an objective and quantifiable face on modern threats associated in cybersecurity. While the usual security catalysts are fear, uncertainty, and doubt, the clarity of infectiousness and damage from ransomware have finally cast these threats as clear and present dangers.
Start by anchoring your description of the risks in publicly accessible and objective evidence. These widely publicized attacks have generated quality statistics and “what went wrong” stories of attacks relevant to any industry. Using these, you can present examples and scenarios that are specific to your industry, especially if it is among those more frequently targeted (such as healthcare or financial services). In almost every case, the ransom is the least of the damages, with the downtime, lost productivity, potential lost business, and reputation damage that hurt the most. The truth about these attacks is bad enough. These specific examples of companies similar to yours will drive home the point that this really could happen to you.
More broadly, these recent attacks have proven that even the best organizations can find themselves exposed because of just a few small mistakes. Ransomware has become the great equalizer: Everyone is at risk, and we all have to be proactive in protecting ourselves and planning our response when attackers target our servers and endpoints.
Develop a Communication Channel and Common Language
After reading accounts or watching coverage of some successful attack, concerned executives will predictably ask their security teams, “Are we secure? Are we OK?” This is a difficult question for security leaders because they aren’t really being asked the right question. The better question is “Are we doing enough of the right things to protect ourselves?”
Security is one area of concern and risk to the business, alongside lawsuits, earthquakes, and hostile acquirers. A good executive team wants to be sure that the area isn’t neglected, but knows that no organization can afford to do do absolutely everything. The security team, who worries every day about the myriad challenges and threats they see, recognizing that they are limited by staff, budget, or time might answer, “We’re doing the best we can.” The execs interpret that to mean that the best they can do is the best that can be done. But what the security team is really saying is that they still need to do more, and need more support.
There is often a sharp disconnect between the protection the executive suite thinks the company is achieving and actuality of the technical underpinnings to make that happen. Only by clearly defining the current threat landscape and the strategies, services and solutions required to mitigate it (including financial and human resources), can everyone be on the same page about the reality of threat protection. These public ransomware events provide a forum for this discussion.
Leverage ransomware to address bigger issues
As a security professional, you know that ransomware isn’t your only challenge — it’s just the one that happens to be getting most attention at the moment. But those same gaps that make you vulnerable to ransomware are also making you vulnerable to keyloggers, credential theft, accidental and intentional data leakage, or intellectual property crime. The good news is that good protection against ransomware will provide collateral protection for these other threats, targeting those same system.
Let ransomware be the signal flare that convinces executives it’s time to step up cybersecurity comprehensively. Ransomware is not the only campaign that starts with user errors and endpoint vulnerabilities. Protecting those systems against ransomware entry vectors, like file-based and file-less attacks, will also block the entry point for many other attacks. Focus on suggesting and adding solutions designed to address vulnerabilities that put you at risk for all malware, not just ransomware.
The Key: Learn, act, and improve
Out of every hardship or challenge comes an opportunity to learn, to do better and innovate for continuous improvement. The Tyl
enol tampering scare of 1982 is a perfect example. In 1982, product packaging was much less rigorous, and there were no tamper-resistant seals on products in stores — that was until a series of deaths were traced to cyanide-laced Tylenol capsules that had been contaminated on store shelves. The crisis not only killed at least seven people and caused widespread panic among virtually every American household, it also completely changed product packaging in the U.S. Johnson & Johnson’s prompt response to the crisis and their rapid innovation in factory sealing every bottle that came off its manufacturing line set the standard for safety and protection in the marketplace. We now see those protections, seals, and warnings, everywhere.
Today’s ransomware situation is similar — the pain so many companies have endured is raising awareness to the point that others are now recognizing the critical need to take comprehensive, preventative measures. The innovations we are seeing in response to the growing ransomware threat will help us defend against other still-unseen threats down the road. The key is ensuring that we learn from the mistakes and take action, instead of letting an opportunity for improvement pass us by.
Related: Ransomware: Where It’s Been and Where It’s Going