Combating Ransomware for a New Era of Work

Analyzing 537 breaches across 17 countries, IBM and Ponemon Institute recently found that remote work was a contributing factor in 17.5% of cases over the past year. Additionally, remote work increased the cost of these breaches by $1.1 million, in part by making them harder to contain. According to the study, when organizations had more than half of their workforce working remotely, it took them 58 days longer to identify and contain breaches. When more than 80% of the workforce was working remotely, the cost of a breach was 27% higher than average.

Why Ransomware Is on the Rise

When thinking about where this threat has come from, you can’t ignore the role of distributed work. The more employees that are working from home, even on a part-time basis, the more attack surfaces and employee behaviors security teams must worry about. Employees juggling work, family, technology, and everything else are much more likely to succumb to a phishing email that springs the ransomware trap.

However, we can’t lay all of this at the feet of remote work. Generally, the rise in ransomware tracks with the increase in digital transformation. IT teams built systems that allowed for access anywhere, anytime, from any device. And with that flexibility comes exposure to attacks and mistakes. The more assets we have -- in more locations, with more apps -- the harder it is to maintain secure software. This “cyberstorm” is a crisis of our own creation.

Beyond digital transformation, the ransomware space itself is changing. Not only are ransomware tools more readily available on the dark web, but hackers are evolving their tactics to include data destruction and exposure. With this pressure, hackers are getting paid out, both by victim organizations and their insurers.

Analyst forecasts for the coming years continue to be bleak. Cybersecurity Ventures, for example, expects ransomware could cost organizations $265 billion by 2031. This problem isn’t going away.

Embrace Automation

The remedy comes from understanding that ransomware targets vulnerabilities of software and people. For each application and device, a vast and growing list of vulnerabilities must now be considered. Most teams are having a hard time keeping up. Security vulnerability backlogs often number in the hundreds of thousands, creating significant challenges for notoriously understaffed security teams.

Indeed, one of the most significant problems that IT teams face is prioritization. 61% of respondents in a recent survey said that they struggle to know which risk mitigations they should implement first to keep their systems secure. If they can’t handle all the vulnerabilities (which most can’t), they need to know which assets should be addressed first in terms of value or potential impact on the business.

Given this environment, there’s a clear premium on organizations being able to understand their biggest vulnerabilities and prioritize them in the context of their organizations.

Thankfully, security and IT collaboration is streamlining this effort, assisted by automation and profiling tools. These teams can now automate chunks of the patching process, including the initial risk prioritization, asset-solution mapping, patch application, and post-patch verification. The automation embodies policies and rules. It scales capacity while increasing compliance and letting the people do higher-value work (or go home for dinner).

Educate Your Human Attack Surface

While tools and processes are important, they’re not enough. Even the most buttoned-up and secure IT operation can be undone by a single employee clicking an email or link they weren’t supposed to. Ransomware is just a malware payload behind an innocent-seeming phish.

Security teams can work with HR to develop educational programming and testing that help employees understand how their choices contribute to a secure environment. Interactive, on-demand training programs can teach employees foundational security hygiene practices that help avoid many security snafus. Periodic live phishing tests are one of the best ways to train employees on how to detect true scams and fakes in the wild.

Ditch the IT and Security Silos

The notion that IT and security teams can sit in their corners and only work together when things get bad is at odds with the nature of today’s security landscape. Protecting against ransomware and other threats is a complex effort that requires collaboration across teams, including IT, security, risk & compliance. Given that all these teams have a role in preventing and responding to threats, there’s tremendous potential security and business value in getting all of them to work together.

Put another way, while we’ve long approached security as a technical challenge, I believe we need to start seeing it as a cultural and operational one. As ransomware continues to increase and hybrid work becomes ubiquitous, so must collaboration.