Organizations Losing the Ransomware Battle

Successful ransomware attacks continue to rise, not due to increased technological sophistication, but because cybercriminals have identified a vulnerability in the cybersecurity defenses of many large organizations. Despite significant investments in cybersecurity measures, both from the private and public sectors, numerous organizations still lack the necessary resilience to combat ransomware attacks effectively.

A seasoned expert with over 40 years of experience in auditing and cybersecurity domains has highlighted two crucial factors contributing to the lack of ransomware resilience in organizations. First, recent high-profile breaches in sectors like gaming, consumer goods manufacturing, and healthcare reveal that some organizations have not implemented foundational cybersecurity practices. Furthermore, even for organizations that have implemented these practices, there is often a failure to continuously verify and validate their effectiveness over time, leading to decreased protection against evolving cyber threats.

In response to these challenges, organizations are recommended to take three key actions to strengthen their defense against ransomware. Firstly, they should recommit to foundational practices, such as implementing two-factor authentication (2FA) for access management, a simple yet crucial control that was absent in the ransomware attack on UnitedHealth Group/Change Healthcare, causing disruptions in patient care and financial transactions.

Secondly, organizations must ensure that foundational practices are “institutionalized” and maintained over time, rather than being treated as one-time implementations. This involves documenting practices, allocating skilled resources, enforcing policies, and assessing the effectiveness of cybersecurity measures continually. For instance, the lack of basic encryption practices in a ransomware attack raises questions about the institutionalization of data protection policies within organizations.

Lastly, organizations should focus on measuring and enhancing the effectiveness of foundational practices through active performance management. While cybersecurity frameworks like the NIST Cybersecurity Framework can guide program development, their usage alone does not guarantee success. Organizations must actively measure the impact of cybersecurity practices and controls to ensure their ongoing effectiveness and prevent vulnerabilities from going unnoticed.

By prioritizing foundational controls, investing in maintenance skills, and implementing robust performance management practices, organizations can enhance their cybersecurity posture and reduce the risk of falling victim to ransomware attacks. Institutionalizing and sustaining fundamental cybersecurity practices require continuous effort and vigilance, but the benefits of improved resilience and reduced susceptibility to cyber threats make these endeavors essential for modern organizations.
