Security leaders must build resiliency against these complex attacks immediately.
Cyberattacks, especially ransomware, are becoming more sophisticated more frequent, with more severe impacts, year over year. These attacks can quickly encrypt systems and steal sensitive data, making data recovery challenging for organizations. Although there is much concern about the ransomware threat, corporate executives are not yet willing to spend on solutions without clear evidence of the improvements being made. To help IT leaders improve their organization’s ability to prevent incursions and defend against ransomware attacks in the current climate, global IT research and advisory firm Info-Tech Research Group has published a new research-backed industry blueprint, titled Build Resilience Against Ransomware Attacks.
Ransomware is a high-profile threat that demands immediate attention, as it is a much more complex security threat than other types of attacks. Malicious actors have also developed increasingly sophisticated methods to pressure organizations into paying ransom payments. These emerging strains can exfiltrate, encrypt, and destroy data and backups in hours, making data recovery a grueling challenge.
“As ransomware attacks become more frequent and impactful, organizations need to focus on building resiliency to withstand these attacks instead of solely relying on response and recovery,” says Michel Hébert, research director at Info-Tech Research Group. “The process of building resilience is like climbing a mountain, requiring time, planning, and help from others to overcome challenges and work through problems.”
Info-Tech’s findings show that organizations often misunderstand the risk scenarios associated with ransomware attacks, which can lead to underestimating the potential impact of an attack. The cost of a ransomware attack goes beyond just the ransom, with four key areas driving recovery costs: detection and response, notification, lost business, and post-breach response.
To effectively protect against ransomware, the firm recommends disrupting the attack at every stage of the attack workflow, which includes putting controls in place to prevent intrusion, improve detection, respond quickly, and recover effectively. Organizations also struggle with “dwell time,” which is the time between when a malicious actor gains access to a network and when they are detected. Organizations must improve their ability to detect and respond early to prevent serious disruption from ransomware attacks.
As outlined in the blueprint, security leaders must conduct a thorough assessment of their current state, identify potential gaps, and assess the possible outcomes of an attack. Info-Tech advises the following holistic methodology to build resiliency against potential ransomware attacks:
Assess resilience – It is essential to conduct a resilience assessment, build a risk scenario, and determine the business impact. Conduct a thorough assessment of the current state, identify potential gaps, and assess the possible outcomes of an attack.
Protect and detect – Analyze attack vectors, prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection to reduce the attack surface.
Respond and recover – Visualize, plan, and practice ransomware response and recovery to reduce the potential impact of an attack.
Resiliency is crucial to surviving a ransomware attack. As covered by Info-Tech’s resource, organizations should focus now on what is in their control and cultivate strengths that allow them to protect assets, detect incursions, and respond and recover quickly in the future.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!