Ransomware: The Unseen Threat

Author

Agnidipta Sarkar

Read Time

3 Minutes

Last Updated

Feb 21, 2024

Intro

The CISO’s role has matured alongside the wider cybersecurity landscape. Security is no longer just an “IT thing”; a CISO sets themselves apart from the other C-suite officers by the breadth of knowledge the job now demands. The rise in ransomware attacks in particular keeps CISOs on their toes, because a single incident forces them to juggle technical, financial, legal and reputational decisions at once. How to prevent ransomware, contain it, and deal with its fallout is a question with no easy answer. I want to delve further into the struggles companies face with ransomware and into how CISOs can become more effective against it.

What is ransomware?

Before discussing what makes the CISO’s role distinctive, it is worth being precise about the most prevalent form of attack they face: ransomware.

Ransomware is malicious software that, once it lands on a machine, encrypts the files it can reach and renders them inaccessible to their owner. Some variants go further and overwrite the master boot record or lock the login screen, so the machine will not even boot normally. Only once the encryption is in place is the ransom demanded, in exchange for the decryption key, which leaves the victim with very little leverage. Most current ransomware groups also copy data out of the network before encrypting it and threaten to publish it, so a good backup alone no longer removes the pressure to pay.

Ransomware operators have also evolved their targeting: critical infrastructure sectors such as healthcare, energy and manufacturing are now hit alongside the financial industry, because downtime there is costly enough to force a quick payment. That ingenuity underscores the scale of the threat these actors pose to companies and the urgent need for better education and preparedness.

Ransom Payments

The technical side of a ransomware incident is stressful enough while you are working out how to protect your data, but the non-technical side brings just as much stress. The ransom demand itself is what calls for a versatile and resourceful CISO.

Three common non-technical questions a CISO must be ready to answer are:

  1. Whether and how you may pay: Whether paying is permitted at all depends on where you operate. Laws vary by country, and in many jurisdictions paying a sanctioned group is itself an offence, so legal counsel and law enforcement need to be involved before any decision is made.
  2. The mechanics of paying: If you do decide to pay, how do you actually do it? Demands are almost always made in cryptocurrency, usually Bitcoin. A company whose treasury has never held cryptocurrency has to work out how to acquire it, through which exchange or negotiator, and how to document the transaction.
  3. Cyber insurance: Do you have cyber insurance, and if so, what does the policy say about ransom payments, notification deadlines and the incident-response firms you must use? If you don’t have it, how do you decide whether the premiums are worth paying and which policy to select?

These non-technical challenges emphasise the many roles a CISO must play: they must think financially and legally, not only technically.

Communication

Surprisingly, the weakest part of a company’s ransomware response is often not how it fixes its security but how it communicates. Ineffective or inconsistent communication can damage a company’s stock price and its customers’ trust. What is needed is a vetted plan that keeps stakeholders informed and makes the disclosures regulators and the public require, without causing undue panic. CISOs carry immense responsibility here, as their actions not only shape internal security but also influence how customers perceive the company.

Investment

On the technical front, the critical investment is visibility into deviations from normal behaviour, because that is what lets you detect and respond to a ransomware attack while it is still under way. Technology that monitors your logs, endpoints and network traffic can reveal whether an attack is present and, just as importantly, show that one is absent.

  1. Investment in observability: CISOs must invest in tools that let the organisation detect a potential attack, where it originated and how far the compromise extends. File-integrity monitoring is one example: it records a baseline hash and attributes for each protected file, so when a file’s content or metadata changes unexpectedly the change itself becomes an alert.
  2. Database activity monitoring and signature-based detection: Signature-based tools can catch known ransomware samples and known malicious queries within the network. Their limit is that they only recognise what has already been catalogued, so a new variant slips past them until a signature is published.
  3. Indicators of attack and of compromise: Behavioural analysis identifies an attack in progress (mass file renames, files being overwritten with high-entropy data, shadow copies being deleted, ransom notes being dropped) before any sample is known. Indicators of compromise such as known file hashes and ransom-note filenames typically only confirm a compromise after the fact.
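To make the three investments above concrete, here is an added example (written for this edit, not code from the original article or its author) that runs each kind of check over a constructed stream of file events: a signature match against a known-bad hash, file-integrity monitoring against a baseline, and behavioural indicators of attack. The event format, the hashes, the ransom-note names and the thresholds are all assumptions chosen for illustration; a real deployment would read events from an EDR or audit log and tune the thresholds to its own file servers.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict
from dataclasses import dataclass

# Tunables -- assumptions for this example, not values from the article.
WINDOW_SECONDS = 60          # burst window for counting extension changes
MASS_RENAME_THRESHOLD = 3    # this many files getting one new extension in a window is abnormal
HIGH_ENTROPY_BITS = 7.5      # ciphertext approaches 8 bits/byte; documents and text sit far lower
RANSOM_NOTE_NAMES = {"README_TO_DECRYPT.txt", "HOW_TO_RECOVER.txt"}  # hypothetical note names


@dataclass
class FileEvent:
    ts: int               # seconds since some epoch
    action: str           # "write", "create" or "rename"
    path: str
    new_path: str = ""    # destination, for renames
    content: bytes = b""  # file content, for writes and creates


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely, as in good ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_findings(events, known_bad):
    """IOC: content written to disk matches a known ransomware hash (only catches catalogued samples)."""
    return [f"IOC signature ts={e.ts}: {e.path} matches a known ransomware hash"
            for e in events if e.action in ("write", "create") and sha256(e.content) in known_bad]


def integrity_findings(events, baseline):
    """FIM: baselined files whose content hash changed, or that were renamed away from their baseline path."""
    out = []
    for e in events:
        if e.action == "write" and e.path in baseline and sha256(e.content) != baseline[e.path]:
            out.append(f"FIM ts={e.ts}: {e.path} content hash differs from baseline")
        elif e.action == "rename" and e.path in baseline:
            out.append(f"FIM ts={e.ts}: baselined file {e.path} renamed to {e.new_path}")
    return out


def behavioral_findings(events, baseline):
    """IOA: behaviour typical of encryption in progress, independent of any known sample."""
    out = []
    ext_changes = defaultdict(set)   # (window, new extension) -> files renamed into it
    note_dirs = defaultdict(set)     # ransom-note name -> directories it appeared in
    for e in events:
        if e.action == "rename":
            old_ext, new_ext = os.path.splitext(e.path)[1], os.path.splitext(e.new_path)[1]
            if old_ext != new_ext:
                ext_changes[(e.ts // WINDOW_SECONDS, new_ext)].add(e.path)
        elif e.action == "create" and os.path.basename(e.path) in RANSOM_NOTE_NAMES:
            note_dirs[os.path.basename(e.path)].add(os.path.dirname(e.path))
        elif e.action == "write" and e.path in baseline and shannon_entropy(e.content) > HIGH_ENTROPY_BITS:
            out.append(f"IOA ts={e.ts}: {e.path} overwritten with high-entropy data")
    for (window, ext), paths in ext_changes.items():
        if len(paths) >= MASS_RENAME_THRESHOLD:
            out.append(f"IOA window={window}: {len(paths)} files renamed to '{ext}' in one window")
    for name, dirs in note_dirs.items():
        if len(dirs) >= 2:
            out.append(f"IOA: ransom note {name} dropped in {len(dirs)} directories")
    return out


def analyze(events, baseline, known_bad):
    return {
        "signature": signature_findings(events, known_bad),
        "integrity": integrity_findings(events, baseline),
        "behavior": behavioral_findings(events, baseline),
    }


# Constructed baseline and sample data (made up for this example).
BASELINE = {
    "/srv/finance/q1.xlsx": sha256(b"quarterly figures"),
    "/srv/finance/q2.xlsx": sha256(b"more quarterly figures"),
    "/srv/hr/payroll.csv": sha256(b"name,salary\nalice,1\n"),
}
KNOWN_BAD = {sha256(b"hypothetical dropper bytes")}   # stand-in for a threat-intel hash feed
CIPHERTEXT = bytes(range(256)) * 4                     # stands in for encrypted output: entropy exactly 8.0

EVENTS = [
    FileEvent(50, "write", "/srv/hr/payroll.csv", content=b"name,salary\nalice,1\n"),  # benign re-save
    FileEvent(60, "rename", "/srv/hr/draft.docx", "/srv/hr/final.docx"),                 # benign rename
    FileEvent(100, "create", "/tmp/update.exe", content=b"hypothetical dropper bytes"),
    FileEvent(130, "write", "/srv/finance/q1.xlsx", content=CIPHERTEXT),
    FileEvent(131, "rename", "/srv/finance/q1.xlsx", "/srv/finance/q1.xlsx.locked"),
    FileEvent(132, "write", "/srv/finance/q2.xlsx", content=CIPHERTEXT),
    FileEvent(133, "rename", "/srv/finance/q2.xlsx", "/srv/finance/q2.xlsx.locked"),
    FileEvent(134, "write", "/srv/hr/payroll.csv", content=CIPHERTEXT),
    FileEvent(135, "rename", "/srv/hr/payroll.csv", "/srv/hr/payroll.csv.locked"),
    FileEvent(136, "create", "/srv/finance/README_TO_DECRYPT.txt", content=b"pay us"),
    FileEvent(137, "create", "/srv/hr/README_TO_DECRYPT.txt", content=b"pay us"),
]

if __name__ == "__main__":
    for kind, findings in analyze(EVENTS, BASELINE, KNOWN_BAD).items():
        print(kind, *findings, sep="\n  ")
```

Note the division of labour: the signature check fires only because the dropper’s hash happened to be in the feed; the integrity and behavioural checks fire on what the malware does (overwriting baselined files with ciphertext, bulk renaming to one new extension, dropping the same note in several directories) and would do so for a variant nobody has catalogued yet. The two benign events at the start produce nothing, which is the false-positive behaviour you want before turning on automatic response.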

Microsegmentation

Microsegmentation is of utmost importance when defending against ransomware, because once the attacker is inside it is effectively your last line of defence. Without a means to stop lateral movement, cybercriminals can reach critical data within days: where a few years ago an intruder might take 180 days to reach your data after the initial breach, today the same path can take as little as two days. Microsegmentation shrinks that path by allowing each workload to talk only to the workloads and ports it needs, and denying everything else by default, so a compromised workstation cannot browse its way to the database or backup servers. By adopting microsegmentation strategies, CISOs can substantially improve their resilience against ransomware.
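The following added example (written for this edit, not code from the original article or its author) models the difference between a flat network and a microsegmented one as a zone-level allow-list and asks the question an attacker asks: from a compromised zone, which chain of lateral-movement hops reaches the database zone? The zone names, the allow-list and the short list of lateral-movement ports are assumptions for illustration; the same reachability check can be run against a real policy exported from a firewall or a Kubernetes NetworkPolicy set.

```python
from collections import deque

# Ports an intruder typically uses to move between hosts (assumption: this short list).
LATERAL_PORTS = {22, 445, 3389, 5985}

ZONES = ["workstations", "jump", "app", "db", "backup"]

# Flat network: the implicit "allow any to any" of an unsegmented LAN.
FLAT = {("*", "*", "*")}

# Microsegmented network: an assumed least-privilege allow-list; everything not listed is denied.
SEGMENTED = {
    ("workstations", "app", 443),   # users reach the web tier only over HTTPS
    ("app", "db", 5432),            # the app tier reaches the database only on its service port
    ("jump", "app", 22),            # administration only from the jump hosts
    ("jump", "db", 22),
    ("db", "backup", 873),          # backups are pulled over rsync from the database tier
}


def permits(policy, src, dst, port):
    """True if some rule (with '*' wildcards) allows src -> dst on port."""
    return any(s in ("*", src) and d in ("*", dst) and p in ("*", port) for s, d, p in policy)


def lateral_path(policy, start, target, zones=ZONES, ports=LATERAL_PORTS):
    """Breadth-first search for the shortest chain of zones an intruder can traverse
    from `start` to `target` using only lateral-movement ports. None means no path."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        here = path[-1]
        if here == target:
            return path
        for zone in zones:
            if zone not in seen and any(permits(policy, here, zone, p) for p in ports):
                seen.add(zone)
                queue.append(path + [zone])
    return None


def unexpected_flows(policy, observed):
    """Observed (src, dst, port) flows the allow-list does not cover: the deviations worth alerting on."""
    return [flow for flow in observed if not permits(policy, *flow)]


# Constructed flow records, as a network monitor might report them (made up for this example).
OBSERVED = [
    ("workstations", "app", 443),
    ("workstations", "db", 445),    # a workstation opening SMB to the database tier
    ("app", "db", 5432),
    ("workstations", "jump", 3389), # a workstation opening RDP to a jump host
]

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "workstations -> db:", lateral_path(policy, "workstations", "db"))
        print(name, "jump -> db:", lateral_path(policy, "jump", "db"))
        print(name, "unexpected flows:", unexpected_flows(policy, OBSERVED))
```

Two things fall out of running it. On the flat network a compromised workstation reaches the database tier in a single hop, and no observed flow is “unexpected”, because everything is allowed; the segmented policy has no lateral path from the workstation zone at all, and the same two SMB and RDP flows now stand out as violations, which is the visibility the previous section asked for. The search also shows where the segmented design is still thin: a compromised jump host reaches the database tier in one hop, so that zone is where hardening and monitoring effort should go next.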

Conclusion

Ransomware poses a significant threat to modern organizations, with cybercriminals continuously innovating their tactics. In defense, organizations need a multi-pronged approach that includes observability, microsegmentation, DLP (Data Loss Prevention), and crisis management preparedness. By staying vigilant, investing in the right technologies, and fostering a security-first culture, CISOs can achieve effective ransomware resilience and preparedness.