Think You Are Prepared for Ransomware? You’re Probably Not. | CSO Online

Think You Are Prepared for Ransomware? You’re Probably Not. | CSO Online

Ransomware has increased nearly 1100% over the last year according to FortiGuard Labs research, impacting organizations of all sizes and across all market sectors. And according to Fortinet’s State of Ransomware survey, 96% of organizations indicate that they are concerned about the threat of a ransomware attack, with 85% reporting that they are more worried about a ransomware attack than any other cyber threat. As a result, preparing for a ransomware attack has become a boardroom issue and a top priority for CISOs worldwide.

And the concern is genuine. Over two-thirds of respondents admitted to having been the target of a ransomware attack, with one in six claiming to have been attacked three or more times. Fortunately, knowing that a specific type of attack may be headed one’s way provides an opportunity to prepare.

Ninety-six percent of respondents feel they are at least moderately prepared. Their top preparedness measures include employee cyber training, ongoing risk assessment, offline data backups, and cybersecurity/ransomware insurance. But less than half includes such things as network segmentation, business continuity measures, a remediation plan, the testing of ransomware recovery methods, or red team/blue team exercises designed to identify weaknesses in security systems—all things most security experts see as crucial elements of any successful ransomware mitigation strategy.

Similarly, many critical technologies are low on the list of tools seen as essential for combating ransomware. While a secure web gateway, VPN, and network access control are at the top of the list, those tools primarily focus on the attack vectors created by remote workers. Essential tools designed to address other attack vectors, such as a secure email gateway, segmentation, UEBA, and sandboxing, are at the bottom of the list, prioritized by less than a third of respondents. And even protections for remote workers are limited, with ZTNA and SD-WAN also near the bottom of the list.

One of the most controversial topics related to ransomware is whether to pay a ransom. The FBI advises organizations not to pay, citing several reasons, including that a majority either do not recover their data after paying or find that recovered data has been corrupted and that paying simply encourages cybercriminals. The Fortinet survey showed nearly three-quarters of respondents have a ransom policy in place, and for 74%, that policy is to pay, with 24% adding a caveat that it depends on how expensive the ransom is.

Some of this may be due to most organizations in the survey claiming to have ransomware insurance in place. Some argue that having cyber insurance in place encourages ransomware victims to simply pay because ransoms are be covered by their insurers. According to one extensive report from the Royal United Services Institute for Defence and Security Studies (RUSI) in the UK, efforts are underway to either ban insurers from paying ransoms to discourage the business model driving the growth of ransomware or having insurers “withdraw coverage for ransom payments while retaining coverage for the costs of recovering from an attack, as AXA France did in May 2021.”

Take the Proper Steps to Prepare

What is clear is that there is little agreement across organizations as to what it means to be prepared for a ransomware attack. To start, organizations should follow the following five steps to help them better prepare.

These steps will go a long way towards ensuring that any organization is prepared to successfully defend itself against ransomware. We are facing what may well be an existential threat to our global digital economy, and the only way to respond is for everyone to take the time and effort to close the opportunity for ransomware actors to thrive.

Learn more about Fortinet’s NSE Training Institute free Information Security Awareness and Training Service.

This content was originally published here.

Laat een reactie achter

Het e-mailadres wordt niet gepubliceerd.