Unraveling the True Cost of Ransomware Attacks and Essential Strategies for Mitigation

Few attacks can demoralize or debilitate an organization quite like ransomware. Not only does ransomware strike a company's morale, but it also causes massive financial losses along with reputational damage that could prove difficult to repair.

Cybersecurity Ventures predicted global ransomware damage costs to reach $20 billion annually in 2021, up from $325 million in 2015. Eight years from now, the costs will exceed $265 billion.

If these predictions hold true, businesses are rightfully concerned about how much ransomware could cost them in the coming years. However, protecting against it shouldn't cost the earth.

 

Switching Tactics

Cybersecurity strategies have changed in recent years as the industry has broadly accepted that suffering a data breach is more of a "when, not if" situation. In response, many businesses are now focused on prevention, preparation, and response.

With such a switch in mentality, businesses assume they will need more work and more resources and, inevitably, incur more costs. Although that may be the case in the first instance, if businesses are clever in setting up their cybersecurity strategy, they can save money in the long run.

It's vital that going forward, there is a greater focus on balancing the overall return on investment (ROI) and the level of risk an organization's cybersecurity strategy presents.

 

Reassessing Priorities and Getting ROI

Although security strategies have evolved, many organizations over-rely on technology products to meet their cybersecurity needs. While products and solutions, of course, have their place, businesses need to strike a balance between technology, people, and processes – ideally with technology acting as an underlying factor to support the other two.

No organization will ever be 100% secure, but those who fare the best have an internal culture that supports and takes an offensive approach to security, makes it everyone's responsibility, and proactively and effectively communicates on the subject with its board, C-level, and employees.

In addition, by increasing security maturity and measuring themselves on an evolving scale, rather than treating security as a black-and-white question of whether they are secure or not, businesses will automatically make strategic, as well as operational, decisions and related investments. This process promotes a focus on improvement and on where money is going (versus solely having the latest and greatest platform on the market and hoping it provides the protection the business seeks).

Ensuring ROI means focusing on security posture overall. Businesses want to be sure they have a tolerable level of risk, are resilient to attacks such as ransomware, and their reputation remains intact.

Businesses can't control everything, so prioritizing key assets is the best approach. Prioritization means working out what within the business is likely to be most at risk – for example, customer data, innovation documentation, patents, and employee personally identifiable information (PII) – and ensuring the appropriate people, processes, and technology surround it and are fully resourced.

What's more, taking preventative measures as well as continuously monitoring, testing, and adapting security approaches based on shifting priorities or business goals should be something every organization is doing to build their security maturity and ensure ROI.

 

5 Key Measures to Mitigate the Ransomware Threat

No company is off limits, and there is no foolproof method for keeping ransomware out of the business environment. But there are common-sense steps organizations can take to make themselves a less likely target – or at least one that rebounds much quicker than others in the event of an attack.

First, run penetration testing (pen testing for short) and conduct vulnerability assessments. It's impossible to protect what can't be seen. Without carrying out a thorough pen test, organizations can't be sure what is connecting to their network, what vulnerabilities are going unmanaged, or what the priority assets are.

Modern organizations are often highly nuanced with various networks, locations, clouds, etc., making it difficult to maintain a consistent vulnerability management program across multiple environments. As such, it's vital that organizations regularly carry out pen tests and that security policies shift accordingly.

Second, get a handle on phishing attacks. Verizon's 2023 DBIR found that 36% of all data breaches involved phishing. What's more, such attacks are often the first step in a ransomware campaign, as cybercriminals can leverage phishing tactics to deploy their malicious payloads or collect credentials to be used later down the line.

Third, mitigating phishing attacks is not as simple as deploying one email security solution. Every organization that has been a victim of a successful email-initiated ransomware attack had an email security solution. Instead, layering email security solutions is a very cost-effective way of reducing the volume of phishing attacks. Also, training employees to decrease the likelihood of them falling for a phishing email and clicking on a malicious link is another inexpensive method to bolster email security technology.

The fourth step is deploying a detection solution to keep up to date with the latest threats. These types of solutions use artificial intelligence and machine learning to detect indicators of compromise and indicators of behavior in a business environment to notify security teams of any malicious activity, giving them time to respond accordingly.

The majority of companies providing such solutions also share threat intelligence with their customers based on what they're seeing in the industry or broader threat landscape. However, these solutions are complex and require 24×7 vigilance to be effective. This is another strategic ROI inflection point. Is investing in a partner to provide this capability more cost-effective than building it internally?

Fifth, yet no less important, is drafting and referring to an incident preparation and response plan. Every organization should assume a ransomware attack will target them. As such, they need to create a plan to respond to an attack's full life cycle. This can help mitigate and lessen the financial and reputational damage that comes with breaches and attacks.

Security practitioners should work with the organization's C-level executives to answer questions and develop a ransomware protection plan, consider how ransomware is prevented and detected, and how the organization should respond when it happens.

The plan itself should ask and answer a series of questions. These cover a robust data backup and retrieval plan, how to contain the ransomware, how to identify affected systems, whether there is appropriate cyber insurance in place, whether to negotiate with the attacker or pay the ransom on the table, and which external resources are needed to respond.

 

Conclusion

It's always easy to go for the shiny "silver bullet" solution when it comes to protecting against ransomware. However, no one solution can mitigate every threat. Instead, organizations need to take sensible steps and actions to protect their environment, adapt to their overall business goals, and ensure they're getting ROI on their security strategy.

While there's no failsafe solution, there's a roadmap to resilience. It involves a judicious blend of the right strategies, technologies, and proactive measures that enhance security and ensure a reasonable return on investment. By investing wisely in the right resources and strategies, including having a solid incident response plan, business leaders can rest assured that they've taken comprehensive steps to mitigate the risks and the devastating impact of a ransomware attack.


 

A version of this article originally appeared on European Financial Review.
