Allie Mellen, Analyst and Steve Turner, Analyst
For most CISOs today, the threat of a cyberattack isn’t a question of “if” but “when.” As attacks increase, one type is becoming more common and more damaging: ransomware attacks.
In this episode, Analysts Allie Mellen and Steve Turner explain why ransomware attacks have become more common (and more effective) and provide some insight on what can be done to deter or defend against them.
To start the episode, the analysts describe how ransomware attacks typically work and the role cryptocurrency plays. Turner says the threat is so real that many larger organizations have a cryptocurrency account or crypto wallet ready to execute a ransom payment as part of their incident response plan. But smaller or less mature firms (which are being targeted more often) may not know how to execute a payment correctly even if they wanted to.
The analysts also review some of the most high-profile ransomware attacks, including the one earlier this year that crippled the Irish health system. “That attack happened in May, and the Irish health system is still not 100% operational,” Turner says. Mellen points out that critical infrastructure organizations like hospitals or energy providers are more lucrative targets for attackers because the impact of their shutdown is more immediate and could threaten lives, forcing victims to pay the ransom quickly.
The discussion then turns to the double-edged sword of going public with an attack. Many organizations are hesitant to release information about an attack out of fear of negative brand impact. But Turner says to consider the flip side: When victims share details, other organizations can learn what methods attackers are using and how to develop defenses against them.
The episode also discusses the role of government and the potential impact legislation could have in responding to or deterring attacks.
Mellen and Turner also provide some immediate steps organizations can take to avoid being an easy target for ransomware attackers, including requiring strong password policies, using multifactor authentication, implementing the latest security technology, and having backups of all data to avoid being shut down by an attack. “Longer term, what we recommend organizations do is move from a perimeter-based security model to something like Zero Trust,” says Turner.