Rebalancing the cybersecurity equation to mitigate ransomware risks
With the average cost of a data breach now at $4.2 million, growing cyber threats like ransomware, combined with the shift to a hybrid workforce, have organizations worldwide looking to mitigate risk at every layer of the organization.
Securing your organization is like balancing an equation: people + skills + technology = security. Many security strategies fall short because that equation is unbalanced.
Ransomware is a good use case for thinking about how to balance this equation. On the technology side, leaders and technical teams can take measures like maintaining backups, reviewing port settings and implementing an intrusion detection system (IDS).
Yet, we’ve seen firsthand that even the most advanced cybersecurity technology is ineffective without a skilled technical team and cyber-aware employees. This unbalanced equation has led to record-breaking ransomware payouts this past year.
To balance this equation and minimize ransomware’s impact, organizations must make strategic investments into all three aspects. Here, we will examine opportunities to invest in the people and skills part of this equation, look at what is most commonly missing across many organizations and provide some remediation advice.
Executive-level cyber training
In a recent Deloitte poll, over 60 percent of executives reported being concerned about ransomware. However, only 33.3 percent said their organizations have simulated ransomware attacks to prepare for an incident.
Often, it’s not until the organization is hit with ransomware that the executive team realizes they were not educated on prevention and remediation. Security and risk leaders must now educate executives on these threats and demands, implement proactive ransomware prevention and protection strategies, and ensure policy and administrative procedures are in place via tabletop exercises.
For senior leaders, there needs to be targeted education that focuses on cyber threats from their perspective and on the specific attacks that may target them directly, like whale phishing. This facilitates discussion of the problem and of the need to drive ransomware awareness and education from the top down. For this reason, tailored security awareness training catered to the executive level is effective and worth the extra effort.
Employee cyber training
Most ransomware infections begin with an employee clicking on or downloading a malicious file, granting attackers access to the organization’s environment. This puts a target squarely on the end user, which is why consistent security awareness training is still one of the most effective tools for combating ransomware.
Training should cover not just what ransomware is and what it does, but also how hackers can infect systems with ransomware:
- With phishing emails, where hackers impersonate brands to manipulate employees into disclosing sensitive information or access
- Through malicious websites and file downloads
- With seemingly benign removable media like USB drives
Showing employees how to prevent this type of incident, and how the same skills keep their families cyber safe at home, makes their training relevant and memorable.
IT and security team training
IT and security teams significantly impact how an organization survives a ransomware attack. Investment into IT and security team skills ensures your organization is prepared to defend against the growing ransomware threat.
These teams must train to respond appropriately when an attack occurs, from prevention and detection through response and forensic investigation. There must be hands-on training that enables technical teams to manage the details and real-life decisions that come with successfully recovering from an attack.
A best practice is scheduled, structured simulation to validate readiness and enable constant improvement. Fortunately, most of the information needed to do these things is available for free from open-source resources or as training from a trusted vendor.
Balancing the cybersecurity equation
As leaders are looking to mitigate ransomware risk, it’s critical to invest in all three aspects of the cybersecurity equation. Even with advanced technology, there must be well-trained employees to defend your data at every level of the organization. By breaking down the investments into the people and skills layers of cybersecurity, organizations and employees can better understand how to counter cyber threats.
Keatron Evans, CISSP, CEH, CSSP, LTP, is Principal Security Researcher, Instructor & Author, Infosec Institute. He is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is Principal Security Researcher at Infosec Institute, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker, as well as the lead author of the bestselling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at industry events like Black Hat, OWASP, ISACA and RSA, and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.