What has changed?
Larger sites and companies have become increasingly attractive ransomware victims for many reasons. Ransomware has been capable of holding critical infrastructure hostage ever since industry began connecting its vulnerable control systems to the internet. The growing prevalence of IoT and the mounting pressure to manage systems more effectively are leading the industry to connect many critical systems to the internet, purposefully or unintentionally, through backend organizational networks, putting them at risk, says Gunter.
Meanwhile, bigger and more profitable ransomware targets have become appealing to attackers as profit from other areas levels off or declines. “Data breaches have become so prevalent that cyber criminals have had difficulty finding buyers of data on the Dark Web. So, they are turning back to the victims themselves to sell back their stolen or encrypted data,” says Justin Fier, director of cyber intelligence and analytics at Darktrace.
Company functionality, reputations, and profitability are at stake with ransomware. “Ransomware encrypts essential documents, such as customer data, or, for example, the labeling machine required for shipping out products,” says Moffitt. What is a company to do when it can’t maintain trust with customers and can’t deliver its goods?
Public health and safety are at risk with ransomware. “The next generation of ransomware will focus on denying basic resources such as clean water, electricity, gas, and sewer systems,” says Gunter. Some degree of societal breakdown is foreseeable here.
Consumer confidence, privacy, and identities fall victim to ransomware. “We are entering an era of trust attacks where threat actors work to undermine credibility and faith in our institutions. If consumers can’t trust an organization to keep their PII secure, how does the company recover?” asks Fier, who held mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems, and Abraxas.
Time, effort, and investment are all at stake. “Companies can sink significant resources into recovering from a ransomware attack as with any other kind,” says Hyde. So you pay whether you pay the ransom or simply suffer the impact of lost data.
More ransomware? No, thank you!
Since ransomware will eventually find your enterprise, prepare by implementing an information security governance model aligned with the organization’s business objectives and risk assessment, says Gunter, who held security positions with Deloitte, KPMG, and Clearwire. “Use a security road map, implementation strategy, and security breach response plan to better protect critical systems and drive down risk.”
The enterprise should then continually identify risks as they occur, implement risk remediation and mitigation strategies, secure operations, monitor for and identify new risks, and come full circle to update and improve the security strategy and road map, explains Gunter.