Combating Ransomware for a New Era of Work

By analyzing 537 breaches across 17 countries, IBM and the Ponemon Institute recently found that remote work was a contributing factor in 17.5% of cases over the past year. Remote work also increased the cost of these breaches by $1.1 million, in part by making them harder to contain. According to the study, when organizations had more than half of their workforce working remotely, it took 58 days to identify and contain the breach. When more than 80% of the workforce was working remotely, the cost of the breach was 27% higher than the average.

Why ransomware is on the rise

When considering the source of this threat, you cannot ignore the role of distributed work. The more employees work from home, even part-time, the more attack paths and employee behaviors security teams have to worry about. Employees juggling work, family, technology, and everything else are more likely to fall for the phishing emails that spring the ransomware trap.

However, we cannot lay all of this at the feet of remote work. In general, ransomware trends upward alongside digital transformation. IT teams have built systems that allow access from anywhere, at any time, from any device. With this flexibility comes exposure to attacks and mistakes. The more assets we have (more sites, more apps), the harder it is to keep software secure. This "electronic storm" is a crisis of our own making.

Beyond digital transformation, the ransomware space itself is changing. Not only are ransomware tools readily available on the dark web, but attackers are evolving their tactics to include data destruction and exposure. Under this pressure, attackers get paid, by the victim organizations and their insurers.

Analysts' forecasts for the coming years remain bleak. Cybersecurity Ventures, for example, expects ransomware to cost organizations $265 billion by 2031. This problem is not going away.

Embracing automation

The remedy starts with understanding that ransomware targets vulnerabilities in both software and people. For each application and device, an extensive and growing list of vulnerabilities must now be considered. Most teams struggle to keep up. Vulnerability backlogs often run into the hundreds of thousands, creating significant challenges for security teams that are chronically understaffed.

In fact, one of the most pressing problems facing IT teams is setting priorities. 61% of respondents to a recent survey said they struggle to figure out which risk mitigations they should implement first to keep their systems safe. If they cannot address every vulnerability (and most cannot), they need to know which assets to tackle first, ranked by value or potential impact on the business.

Given this environment, there is a clear premium on an organization's ability to understand its greatest weaknesses and prioritize them within the context of its own business.

Fortunately, collaboration between security and IT is simplifying this effort, with the help of automation and profiling tools. These teams can now automate parts of the patch process, including initial risk prioritization, remediation planning, patch application, and post-patch validation. Automation encodes policies and rules. It extends capacity while improving compliance and freeing people to do higher-value work (or to get home for dinner).
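As an added illustration of the "initial risk prioritization" and "post-patch validation" steps just described (this is example code written for this page, not code from the article or any vendor tool), the block below ranks a constructed vulnerability backlog by severity, business criticality, exploit availability and exposure to the remote workforce, then checks a simulated rescan to confirm which patches actually took. The asset inventory, the `VULN-000x` identifiers and the weighting multipliers are all assumptions made up for the example; a real program would pull CVSS scores, exploit intelligence and asset criticality from its own scanner, CMDB and threat feeds.

```python
# Added example, not code from the original article. A small backlog
# prioritizer and post-patch check of the kind the "initial risk
# prioritization" and "post-patch validation" steps above describe.
# Assets, findings, vulnerability ids and the weights are all constructed
# for illustration; a real program would feed this from a scanner, a CMDB
# and threat intelligence.
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int         # assumed 1..5 scale: business impact if compromised
    internet_facing: bool    # directly reachable from the internet
    remote_access: bool      # used by the remote workforce (VPN, VDI, SaaS)


@dataclass(frozen=True)
class Finding:
    asset: str               # Asset.name this finding belongs to
    vuln_id: str             # placeholder ids below; real ones would be CVE numbers
    cvss: float              # CVSS base score, 0.0 - 10.0
    exploit_public: bool     # a working exploit is publicly available
    ransomware_linked: bool  # threat intel ties it to ransomware campaigns


# Multipliers are assumptions chosen to push exploited, ransomware-linked
# bugs on exposed, remote-access assets to the top of the list.
EXPLOIT_WEIGHT = 1.5
RANSOMWARE_WEIGHT = 2.0
INTERNET_WEIGHT = 1.5
REMOTE_WEIGHT = 1.25


def risk_score(finding: Finding, asset: Asset) -> float:
    """Severity scaled by business impact, exploitability and exposure."""
    score = finding.cvss * asset.criticality
    if finding.exploit_public:
        score *= EXPLOIT_WEIGHT
    if finding.ransomware_linked:
        score *= RANSOMWARE_WEIGHT
    if asset.internet_facing:
        score *= INTERNET_WEIGHT
    if asset.remote_access:
        score *= REMOTE_WEIGHT
    return score


def prioritize(findings, assets):
    """Return (score, finding) pairs, highest risk first.

    Findings on assets missing from the inventory get a conservative
    worst-case asset profile, so an inventory gap never hides a vulnerability."""
    unknown = Asset(name="?", criticality=5, internet_facing=True, remote_access=True)
    by_name = {a.name: a for a in assets}
    ranked = [(risk_score(f, by_name.get(f.asset, unknown)), f) for f in findings]
    ranked.sort(key=lambda pair: (-pair[0], pair[1].asset, pair[1].vuln_id))
    return ranked


def verify_remediation(patched, rescan):
    """Post-patch validation: split the patched findings into those the
    rescan no longer reports and those it still does (patch did not take)."""
    still_open = [f for f in patched if (f.asset, f.vuln_id) in rescan]
    closed = [f for f in patched if (f.asset, f.vuln_id) not in rescan]
    return closed, still_open


# Constructed inventory and scan output.
ASSETS = [
    Asset("vpn-gateway", criticality=5, internet_facing=True, remote_access=True),
    Asset("hr-fileserver", criticality=4, internet_facing=False, remote_access=True),
    Asset("dev-wiki", criticality=2, internet_facing=False, remote_access=False),
]
FINDINGS = [
    Finding("dev-wiki", "VULN-0003", cvss=9.0, exploit_public=False, ransomware_linked=False),
    Finding("vpn-gateway", "VULN-0001", cvss=9.8, exploit_public=True, ransomware_linked=True),
    Finding("dev-wiki", "VULN-0004", cvss=5.0, exploit_public=True, ransomware_linked=False),
    Finding("hr-fileserver", "VULN-0002", cvss=7.2, exploit_public=True, ransomware_linked=False),
    # Not in the inventory at all: should still surface near the top.
    Finding("legacy-printer", "VULN-0005", cvss=4.0, exploit_public=False, ransomware_linked=False),
]

if __name__ == "__main__":
    ranked = prioritize(FINDINGS, ASSETS)
    for score, f in ranked:
        print(f"{score:8.1f}  {f.asset:15} {f.vuln_id}")
    # Simulated rescan after patching the top two: the file server patch did not take.
    top_two = [f for _, f in ranked[:2]]
    closed, still_open = verify_remediation(top_two, {("hr-fileserver", "VULN-0002")})
    print("closed:", [f.vuln_id for f in closed], "still open:", [f.vuln_id for f in still_open])
```

Two design points worth noting: the unknown-asset default deliberately scores a finding on an un-inventoried device as if it were a critical, exposed system, so that the inventory gap itself shows up in the queue instead of silently dropping the item; and the validation step works from the scanner's own rescan rather than from the patch tool's success code, because a patch that "applied" but left the vulnerable component running is exactly the case the article's post-patch validation is meant to catch.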

Educate your human attack surface

Although tools and processes are important, they are not enough. Even the most secure and well-monitored IT operation can be undone by a single employee clicking on an email or link they should not have. Ransomware is simply the malware payload delivered behind a seemingly innocent phishing campaign.

Security teams can work with human resources to develop educational programs and tests that help employees understand how their choices contribute to a safe environment. Interactive, on-demand training can teach employees the basic security hygiene practices that head off many security missteps. Regular live phishing simulations are one of the best ways to train employees to tell legitimate messages from scams in the wild.

Get rid of IT and security silos

The idea that IT and security teams can sit in their corners and only act when things go wrong is at odds with the nature of today’s security landscape. Protecting against ransomware and other threats is a complex effort that requires collaboration between teams, including IT, security, risk, and compliance. Given that all of these teams have a role in preventing and responding to threats, there is tremendous security and business value in having them all work together.

In other words, while we have long treated security as a technical challenge, I think we need to start seeing it as a cultural and operational challenge as well. As ransomware continues to rise and hybrid work becomes ubiquitous, so too should cooperation.
