In this discussion from CISO Champions Live, US, our panel of experts discusses how to mitigate the risks associated with a ransomware attack.
Ransomware is a persistent threat to modern businesses. And due to the sheer volume of attacks, it’s rare to find a cybersecurity leader who has not been impacted by a ransomware attack, either directly or through the supply chain.
In this discussion at CISO Champions Online, US 2021, our panel discusses why ransomware is such a persistent threat, how to best mitigate such attacks, and what the future may hold for ransomware.
“There’s really not much market anymore in robbing a stagecoach,” Humana VP Business Cybersecurity Risk Jenny Menna quips. “Why do we see cyber-attacks? Because that’s where the money is.”
The panel includes:
- Nick Whitfield, Founder and Chairman, Panaseer
- Raj Badhwar, SVP & CISO, Voya Financial
- Darrell Bateman, CISO, City Bank Texas
- David Levine, VP Corporate & Information Security, CSO, Ricoh USA, Inc
- Jenny Menna, VP, Business Cybersecurity Risk, Humana
How Ransomware has Evolved
In the past, cybercriminals focused on locking your systems first so they could extort you for money. And while this is still an important part of what they do, their modern strategy is more advanced.
“We’re now in a realm and have been for a while now of double extortion,” says Ricoh USA, Inc VP Corporate and Information Security CSO David Levine. “Not only are they encrypting your data, but they’re also exfiltrating your data and then ransoming you twice. In fact, really the encryption is the last thing they do on the way out the door.”
Ransomware is not only more pervasive and more advanced but also more organized, with ransomware offered by criminal gangs as a service.
“We certainly see threat actors working in partnership and offering services to each other, which has changed the threat factor substantially,” says Panaseer Founder and Chairman Nick Whitfield. “Because obviously anyone that can buy a service can buy ransomware these days – [the attackers] don’t necessarily need any skills themselves.”
Mitigating Risks from Ransomware
Sadly, when it comes to protecting an organization from ransomware, there is no ‘silver bullet’. Mitigating the risk of ransomware requires assessing your defenses from end to end and putting the appropriate measures in place.
“The reality is that nobody is bulletproof from this because the threat surface is pretty vast,” says Voya Financial Global CISO Raj Badhwar. “So, we have to constantly be on the lookout, make sure that we assess our controls and that we are ready to simulate these events.”
“At the end of the day [ransomware is] a form of malware and you’ve got to look at it like that,” adds Levine. “And you’ve got to do all of the things that you normally do to try and protect yourself against the malware which is on the front end of it.”
When it comes to the key controls that can help to mitigate the threat of ransomware, the panel recommends focusing on the basics if you do not already have those in place.
“If you are not patching your own vulnerabilities, especially those that are public-facing, you are just not doing your job,” says City Bank Texas CISO Darrell Bateman. “And if you’re not deploying multifactor authentication at any point, [for] email access, remote access, these are just things you have to do.”
In addition, Badhwar recommends using behavior-based detection like endpoint detection and response (EDR) not only on endpoints but also on servers.
Levine notes that most breaches occur because of human error, which is why technologies like two-factor authentication are so critical for protection against ransomware.
“Your employees really are that first line of defense of anything that’s unusual,” concludes Menna. “It’s so important that it’s not just us, it’s the employees and the developers using good security practices and not cutting corners.”