Strengthening cyber resilience -- cautious collaboration between organizations and third-party vendors needed


Ransomware is continuously on the rise. Despite multiple major law enforcement actions against ransomware groups over the past year, there has been a significant increase in ransomware attacks between 2023 and 2024. Interestingly, a 35 percent drop in ransomware payments was also tracked in 2024, but it is clear that this is not stopping ransomware attacks, as threat actors are finding other ways to monetize the data they steal.
To combat this rise, cyber security measures within organizations need to be improved at every level, especially as the threat landscape grows even more complex. This past year has shown that the importance of careful collaboration with third-party vendors in particular must not be overlooked. With that said, there are a few considerations that need to take priority as 2025 progresses.
Maintaining cyber hygiene and assessing third-party vendor risk
Unsurprisingly, maintaining strong cyber hygiene and adhering to cybersecurity best practices provides ongoing protection that helps prevent ransomware attacks and other security breaches, keeping organizations out of the headlines for a data leak. This includes practices such as reviewing incident response plans and identifying potential weak spots, as well as confirming that all critical systems have recent and functioning backups.
Beyond looking internally, organizations also need to evaluate the types of access they grant to third-party vendors and software within their networks. This must be done carefully, as it can be difficult to strike a balance between an organization’s security priorities and its operational goals. This evaluation should also include considerations for network segmentation, zero-trust frameworks, and other defense mechanisms as part of the broader security strategy. While organizations can be expected to assess risk differently because of 2024’s events, it is unlikely they will significantly alter how they manage access for their security vendors. For example, the SolarWinds breach in 2020-2021 led to temporary adjustments but did not deter organizations from continuing to use SolarWinds products in the long term. This is precisely why third-party vendor use will not decline, but it needs to be more deliberately assessed and evaluated.
Adopting software transparency
As a result of last year’s events, vendors were encouraged to adopt more transparency about the software they create through the software bill of materials (SBOM). Essentially, an SBOM lets end users know which open-source and third-party components are built into the software products they are using. This not only ensures that customers are aware of exactly what is in the software, but also helps them identify software vulnerabilities that otherwise would not be as obvious to them.
Given the way vendors tend to incorporate different open-source projects and pull different libraries from GitHub into their technology, we will surely see more vendors adopt this level of transparency regarding their software. This transparency will help companies better defend against exploits and prepare for software updates. Going forward, these industry-wide changes can have a major effect on protecting organizations from the harmful impacts of future outages. We might even see these changes mandated at a regulatory level in the future as well.
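As an added illustration (not code from the article or its author), the following Python check shows the workflow the paragraph describes: ingest an SBOM and compare its components against an advisory feed to flag versions that predate a fix. The CycloneDX-style layout, component names, versions and advisory identifiers are all constructed for the example and are not real packages or advisories.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample SBOM in a CycloneDX-style JSON layout (the format choice is an
# assumption; the article does not name one). Package URLs and versions are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "log-helper", "version": "2.14.1",
     "purl": "pkg:maven/example/log-helper@2.14.1"},
    {"type": "library", "name": "json-parse", "version": "1.3.0",
     "purl": "pkg:npm/json-parse@1.3.0"},
    {"type": "library", "name": "tls-shim", "version": "0.9.8",
     "purl": "pkg:pypi/tls-shim@0.9.8"}
  ]
}
"""

# Constructed advisory feed: component name -> list of (fixed_in_version, advisory id).
# Any version strictly below fixed_in is treated as affected. Identifiers are placeholders.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "log-helper": [("2.15.0", "ADV-PLACEHOLDER-001")],
    "json-parse": [("1.2.0", "ADV-PLACEHOLDER-002")],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1). Only leading digits of each part are used, so
    pre-release suffixes such as '-rc1' are ignored (a simplification, not SemVer)."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def affected_components(sbom_text: str, advisories=ADVISORIES) -> List[dict]:
    """Return SBOM components whose version predates an advisory's fixed version."""
    sbom = json.loads(sbom_text)
    hits = []
    for comp in sbom.get("components", []):
        for fixed_in, adv_id in advisories.get(comp["name"], []):
            if parse_version(comp["version"]) < parse_version(fixed_in):
                hits.append({"purl": comp.get("purl"), "version": comp["version"],
                             "fixed_in": fixed_in, "advisory": adv_id})
    return hits


if __name__ == "__main__":
    for hit in affected_components(SBOM_JSON):
        print(f"{hit['purl']}: affected by {hit['advisory']}, upgrade to {hit['fixed_in']}")
```

In practice the advisory feed would come from a vulnerability database keyed on package URLs, and version matching would need full SemVer or ecosystem-specific rules rather than the simplified comparison here.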
Looking ahead at industry regulation and compliance frameworks
While organizations and vendors are already taking steps to ensure they are prepared for better collaboration and stronger cyber resilience, there is also a call for more action at an industry level. Scrutiny of major technology vendors understandably escalated given the trust originally placed in them, as well as their widespread use across networks over recent years. As we have all seen, an issue with a single vendor can quickly affect thousands of customer companies. As a result, there is a growing need for industry regulation and compliance frameworks going forward. However, it is important to recognize that this takes tremendous time and effort: it requires getting lawmakers to agree and putting everyone in the right rooms at the right times. These changes do not happen overnight, and it takes a lot of patience and persistence to make them happen.
With that said, several incident and reporting regulations have been discussed but remain unfinalized, with hope for potential implementation in 2025. For example, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is working on a reporting rule for Critical Infrastructure that may move forward in the near future. Additionally, TSA has proposed regulations for surface transportation companies and pipeline operators, which could significantly affect organizations. Overall, regulations will evolve in 2025 and beyond. While some may come from the federal level, such as the Cybersecurity Maturity Model Certification (CMMC) and the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), states are typically able to enact these regulations more swiftly than the federal government. In recent years, states such as California, Virginia, New York, and Massachusetts have enacted laws and regulations focusing on privacy, cybersecurity, personal information protection, critical infrastructure security, and financial services.
It is important to note that while ransomware attacks can be highly unpredictable and difficult to avoid, the measures outlined above have the potential to dramatically decrease both the probability of these events and the level of disruption they cause. Of course, this past year is not the first time these types of incidents have occurred. However, the increase in such events in 2024 and the scale of their impact has certainly provided the wake-up call organizations need to make the necessary internal and external changes to improve their security posture in the midst of a rapidly developing threat landscape.
Nick Carroll is Cyber Incident Response Manager, Nightwing.