Your company should now be compensating for the capabilities of modern ransomware

The “if, not when” mentality surrounding ransomware is perhaps the greatest modern threat to business longevity. Businesses of all sizes and industries are increasingly targeted by ransomware attacks, and we know it 94% of organizations experienced a cybersecurity incident last year alone. Yet many enterprises continue to work with decades-old security protocols that are not equipped to fight modern ransomware. Leaders have prioritized improving physical security measures in the face of the pandemic – so why hasn’t ransomware protection improved?

Perhaps it is the wrong idea that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% year over year increase in ransomware incidents. Meanwhile, the proliferation of Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.

The RaaS market presents a new and disturbing trend for business leaders and IT professionals. With RaaS – a subscription-based ransomware model that allows affiliates to deploy malware for a fee – the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why average ransomware downtime has dropped only 3.85 days (compared to an average attack duration of more than two months in 2019). While the reduction in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organizations are at risk. And over time, all organizations will become a target, which is why it’s time for IT and business leaders to implement strict cybersecurity protocols.

The ransomware waiting game is more dangerous than ever

In January 2022, hackers broke into data centers in Bernalillo County, New Mexico. Days of critical infrastructure outages followed, including the shutting down of security cameras and automatic locking mechanisms at the province’s largest detention center. Months after subverting the ransomware agents, officials in Bernalillo County implemented a robust cybersecurity strategy that includes endpoint detection and response systems (EDR), multi-factor authentication (MFA) on all employee accounts, 24/7 security monitoring, and new virus scanning software.

The Bernalillo County ransomware breach and subsequent response yield several lessons. First, the attack shows that ransomware can harm organizations and citizens in non-monetary ways. During the incident, residents of Bernalillo County experienced a critical service interruption and county inmates spent several days in their cells. This is consistent with Gartner’s prediction that ransomware attacks will cause increasing damage in the physical world, with human casualties as early as 2025.

The incident is also an example of a firm (albeit delayed) response to the fight against ransomware. Necessary cybersecurity measures such as MFA, remote monitoring, and EDR help prevent successful ransomware attacks, but only if professionals deploy them before a cyber attack. Unfortunately, many business leaders continue to wait for a reason to implement robust cybersecurity protocols. As a result, their organizations ultimately and inevitably suffer like the residents of Bernalillo County.

Prioritizing a proactive security strategy is critical

Organizations don’t have to settle for or compromise with ransomware agents. Business and IT leaders have access to the same evolving AI and machine learning (ML) capabilities that modern hackers use, meaning organizations’ cybersecurity can be equally effective and flexible. Decision makers who want to avoid the collateral damage of cyberattacks must implement a ransomware protection strategy today.

More often than not, adequate tactile protection plans require a third-party vendor to provide security insights or monitoring capabilities. But business and IT leaders should only consider Ransomware Protection as a Service (RPaaS) solutions that provide adaptive strategies for cloud-based, on-prem and hybrid data centers. This ensures that as an organization grows – or in some cases shrinks – its cybersecurity suite can scale without additional software.

And that level of scalability is more important than ever before. According to Gartner, 30% of companies will use an all-in-one SaaS cybersecurity solution by 2024. This indicates that consolidation and optimization are now key considerations when selecting additional services. Therefore, business leaders should consider a cybersecurity solution that offers a wide range of interoperable managed services.

Cybersecurity in hybrid work environments

Leaders should also carefully vet all offers from potential cybersecurity vendors. A chosen provider must offer at least EDR and Security Information and Event Management (SIEM) solutions.

EDR is a critical part of a rigorous cybersecurity program, especially in the hybrid work environment, where employees’ devices (or endpoints) are scattered around the world. The existence of different endpoints poses a new challenge in cybersecurity. It also reinforces the importance of trusted cybersecurity parameters such as MFA and single sign-on (SSO) protocols that protect network access points from malicious parties. EDR systems provide peace of mind to IT and business leaders regardless of their employees’ location.

Likewise, SIEM provides leaders with a necessary component of operational efficiency in a complicated work world: data visibility. When deployed system-wide, SIEM aggregates data and aggregates all insights into a unified dashboard. This feature removes the noise from business-critical information, enabling IT professionals to make well-informed cybersecurity decisions. Using ML, SIEM can also propose enhanced security measures and improved efficiency tailored to the host organization.

Should an attack occur, AI-assisted solutions reduce threat vectors and associated costs. According to IBM, organizations that successfully deploy AI-based applications such as SIEM solve cyberthreats 27% faster than their competitors. And since long-term data breaches can make all the difference in millions of dollars in losses, organizations should consider adopting RPaaS tools like EDR and SIEM as soon as possible.

Ransomware: Preparing for the ‘when’, not the ‘if’

The first step in tackling ransomware threats is accepting that sooner or later your organization will be a target. This realization will become even more important as we witness an increase in interest in loose ransomware via RaaS and as international conflicts increase the likelihood of large-scale breaches.

There’s good news: while ransomware attacks are inevitable, breaches are not. With robust cyber defenses, organizations can avoid financial losses and business-critical service interruptions. The key to preparing for a phishing or ransomware attempt is finding a trusted partner to help you along your journey.

But there are other opportunities for critical improvements in cyber infrastructure. For example, organizations can — and should — conduct information campaigns on personal cyber hygiene. Employees are often the first line of defense against cyber attacks, and almost 90% of data breaches are caused by human error.

In other words, awareness does not stop with corporate leaders. Our modern work environment would benefit from a paradigm shift when it comes to cybersecurity. After all, enlisting the help of a verified partner or educating colleagues on the importance of cyber defense can make the difference between business as usual and millions in financial losses.

Allen Jenkins is CISO and VP of cybersecurity consulting at InterVision