Security Experts:

Recent Ransomware Trends Reinforce the Need for Cyber Hygiene, Collaboration

It’s no secret that ransomware has reached near-epic proportions. We are hearing about ransomware attacks left and right – and those are just the ones we hear about. For every attack that makes the headlines, there are many more that don’t. In fact, a recent survey (PDF) by Fortinet found that more than two-thirds of organizations say they’ve been the target of at least one ransomware attack.

Ransomware is top of mind for business leaders – and the evolving threat landscape is cited as one of the biggest challenges in preventing ransomware attacks. Let’s dig into some of the other findings of the survey.

Ransomware is the top cybersecurity concern

Far and wide, ransomware is the most pressing cybersecurity challenge, with 85% of those surveyed stating they’re more worried about a ransomware attack than any other cyberthreat. Almost 100% of our respondents (95% to be precise) said they were concerned about the threat of these attacks; 77% were very or extremely concerned. And it’s easy to understand why: ransomware has seen a tenfold increase in the past year. This isn’t just fear and rumor; the threats are very real. 

How organizations are confronting these threats 

Despite the heightened sense of fear about ransomware, 95% of organizations said they felt at least moderately prepared to deal with such an attack. That said, under half of respondents have a strategy that includes tactics like network segmentation, business continuity measures, a remediation plan and testing of ransomware recovery methods. Less than a quarter are using red team/blue team exercises to identify weaknesses in security systems.

And though the majority of respondents said they have an incident response plan in place, it’s important to examine what’s included in that incident response plan. Common elements include risk assessment plans, offline backups, and cybersecurity/ransomware insurance.

Of the responding companies that lacked an incident response plan, the top reason given (54%) was inadequate skilled internal resources for developing a plan.

More training and cyber hygiene still needed

The most common element in all these plans was employee cyber training (61%). The message that end users are the primary target of ransomware attacks and are therefore the first line of defense against phishing attacks seems to have gotten through. 

However, more can be done in terms of cyber hygiene – especially given how the move to remote and hybrid work has completely changed the game in terms of expanding the attack surface. Organizations need to ensure that any cyber awareness training is being done on a regular basis and where applicable, that it’s been evolved to address the unique aspects of hybrid/remote work.

It’s not just the awareness but cyber hygiene that’s important. It involves a series of practices and precautions that keeps employees and their devices safe, particularly within a hybrid work model. For distributed networks, IoT everywhere, the adoption of multi-cloud infrastructures and a growing reliance on SaaS application usage often proves challenging to keep up with. 

Training also must include continuously providing employees with updates on new social engineering attack methodologies so they know what be on the lookout for. Smishing, vishing and angler phishing are examples of attack types that employees must learn to spot. This is an ever-changing landscape; training isn’t a one-and-done kind of thing. 

Tackling the problem requires a multi-faceted, multi-organization approach

Mitigating the risks of ransomware is going to take a village. There’s no getting around it: no company can truly combat this alone. To truly develop a strong security posture, organizations need to work with all internal and external stakeholders. That’s because more data ensures more effective responses. Accordingly, cybersecurity professionals must openly partner with global or regional law enforcement, like the Cybersecurity and Infrastructure Security Agency (CISA.) Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups. Simply defeating a single ransomware incident at one organization does not reduce the overall impact within an industry or peer group.

Cybercriminals have a reputation for targeting multiple companies, networks, software verticals and systems. Public and private entities need to collaborate by sharing threat information and attack data to make attacks more difficult and resource-intensive for cybercriminals. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack. 

Private and public entities also expand visibility when they work together. For instance, a bank may suffer a ransomware attack but not share information responsibly with law enforcement. Then, law enforcement may end up working with a credit card company also impacted by the same cybercrime group and lack key information to understand the full scope of the criminal organization.  

No time like the present

As we near the end of 2021 and budget planning for 2022 is in full effect, now is a great opportunity to assess the state of current cyberthreats and your own cybersecurity status. The findings reinforce the need for a strategy that involves both increased cyber hygiene and improved private-public collaboration. 

RelatedPrediction Season: What's in Store for Cybersecurity in 2022?

view counter
Derek Manky is Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in effort to shape the future of actionable threat intelligence and proactive security strategy.