Ransomware remains an omnipresent risk in today’s threat landscape. Despite a bevy of prevention and recovery tools available, ransomware continues to wreak havoc on organizations of all sizes across industries. As of 2023, ransomware attacks went up more than 95% and a whopping 72% of businesses worldwide felt the sting of ransomware attacks. The good news is that companies have more resources at their disposal to both prevent and bounce back from an attack. Seven diverse thought leaders shared their insights and advice during January’s Ransomware Preparedness: Strategies for Secure Future summit, hosted on TechTarget’s BrightTALK platform and aimed at companies looking to better safeguard their environments from these potentially devastating attacks. Kicking off the 2024 BrightTALK summit series, it provided an eclectic mix of prevention strategies, step-by-step recovery guides and other must-knows to keep environments safe from these ongoing threats.
Prevention is still the best defense against ransomware
With newer IT frameworks come newer security defenses. CISO John Bruggeman detailed how to use the increasingly popular zero-trust framework for ransomware prevention. Operating on the assumption that a breach will occur before access is granted to a user, zero trust aids prevention efforts through actions like minimizing the blast radius, i.e., minimizing the amount of data impacted by a breach. This approach also heightens visibility into an IT environment through other strategies it incorporates, such as identity management, mobile device management and secure access service edge.
Leena Bongale, a cloud, crypto security specialist at TD Bank, focused specifically on the rising usage of the cloud and its impact on ransomware targeting. “Ransomware in the cloud is a big problem. Cloud applications host a lot of sensitive data and are built to be accessible, making them easier for hackers to reach.” The use of the cloud has expanded along with cloud security concerns. Companies often store valuable data within their cloud systems, and it’s that very same sensitive data hackers target because companies are incentivized to pay the ransom to retrieve it from the hands of threat actors. Bongale’s summarizing message to viewers was an urgent one. “Ransomware in the cloud will not go away, best bet is to put in place the protections you need now.” The best protection against ransomware is not a one-off, single solution but a multilayered strategy of training, best practices and tools like backup service providers and a well-trained incident response team.
Empowering employees as part of your ransomware prevention was a key message from Sandra Estok, founder and CEO of Way2Protect. Estok began her talk by sharing her nightmarish experience as a victim of identity theft. Upon returning to the United States from a visit to her native Venezuela, Estok was pulled from the plane and forced out of the country despite her duly issued American work visa. “For the next six years, I had to prove I was really me over and over again, nearly ruining my marriage, my career and taking a huge toll on mental health and well-being.” The experience inspired her to switch careers from IT to cyber security, eventually founding her company to help others avoid becoming a target of such a ruinous attack. Her presentation focused on the human side of cyber security emphasizing how critical it is for users to remain aware in the present moment while using technology rather than mindlessly clicking and scrolling on autopilot. “We are what we click,” she states, “either click blindly or click wisely.”
To pay or not to pay ransomware?
What happens when even the best prevention efforts fail? Considering ransomware has grown into a multibillion-dollar industry in its own right, companies must hash out a recovery plan for when a malicious actor might strike. Brian Kirsch, an instructor and IT architect at Milwaukee Area Technical College, reminds viewers that the best thing to do after a breach is to keep their cool. Snap judgments after a ransomware attack can do more harm than good. Kirsch advised, “Start with a list of what is compromised and what is not. Realize it’s unlikely you will remain online during recovery as engineers may have to bring the network down to prevent the spread which is a hard thing to do. Don’t jump to decisions you can’t recover from like deleting compromised VMs.” Kirsch doubled down on the importance of involving the FBI and authorities after falling victim to a ransomware attack, not just for legal reasons but because the ransomware might be a known product that the FBI has already cracked, helping to accelerate recovery.
Ransomware victims face the dreadful, often catch-22, choice of whether to pay the ransom. What can companies expect if they choose to pay? Kirsch explains that the decryption tools provided by attackers are not professional products, so their support might be questionable, and attackers do not give refunds if the decryption tools don’t work (they are criminals after all). While paying the ransom might allow companies to control media exposure and reputational damage from the incident, they do face accountability issues and costs to worker morale. “Paying ransom is not an instant unlock.” And if they don’t pay, companies can face unwanted media attention and legal troubles if they fail to disclose the breach. Impacted companies can find many third-party consultancies and services specializing in ransomware recovery, but Kirsch urges caution when engaging such a service, as these companies work more on the coordination side than the technical side. Since they don’t know the business, their solutions might not be the perfect fit for you. Services do offer benefits such as controlling media attention, but companies should know they get what they pay for. “This is not the best place to cut corners.” Kirsch urged patience in the recovery process and advised against placing blame, as recovery requires a significant amount of time, effort and expertise, and there are no quick fixes. He recommends preparing for extended work hours but also emphasizes the importance of taking breaks to prevent burnout.
Applying yesterday’s strategies to tackle today’s attacks
Jordan Wiseman, a cybersecurity consultant and fellow at Online Business Systems, shared some “old-school lessons” for ransomware preparedness in our modern age. Wiseman stated, “We live in a world with always-online environment, lots of uptime, resilient survivable architecture but we’ve gotten too used to always being online. There are some skills that may have atrophied with systems going down less frequently.” Wiseman discussed a position managing IT security for a hospital where they underwent regularly scheduled downtimes twice a year to adjust their systems to daylight savings time. The hospital prepared for this scheduled downtime by pre-printing critical data and entering data before going live. According to Wiseman, IT staff learned some valuable lessons — one being that alternate methods of communication are critical when the system goes down. While Wiseman doesn’t necessarily advise going back to the days of monthly downtimes, he does suggest companies step up their business continuity testing with dress rehearsals and utilize backup systems as data systems in the event of an attack.
Insurance can be a drag but is a necessary one. Companies must know exactly what is or what’s not covered by the chosen plan. Bongale pointed out in her presentation that cyber insurance does not cover much of the fallout from ransomware attacks. Still, cyber insurance can offer great benefits with the right plan and right understanding with providers.
Boleaum Inc.’s founder Vincent Amanyi warns viewers that while cyber insurance covers legal fees, restoring personal identities of affected customers, recovering compromised data and repairing damaged computer systems, it does not cover loss of data and profits, public exposure of sensitive data, theft of intellectual property, harm to brand reputation, lost sales, reduced market share, socially engineered financial fraud and cyber extortion. Amanyi further emphasized that insurance companies, unsurprisingly, are not always forthright about what they do not cover, so companies must conduct thorough risk assessments to conclude what they need from a cyber insurance plan.
As an IT security and compliance analyst at Hilton Gardens Hotels, thought leader Ralph Villanueva detailed some traps to avoid when considering insurance programs. These include policy requirement compliance, how they define act of war, ambiguous coverage and exclusions, statute of limitations and liability of third parties. Companies can be proactive while implementing a new program by clarifying ambiguous provisions and negotiating with the insurer on the exact definition of coverage and exclusions.
Ransomware preparedness is just the tip of the iceberg for what viewers can take away in this new summit year. Check out the BrightTALK 2024 summit calendar and sign up for more summits to hear top thought leaders share insights to help you position your company for success.
Alicia Landsbers is a senior managing editor on the BrightTALK summits team. She previously worked on TechTarget’s networking and security group and served as senior editor for product buyer’s guides.