Intelligent CIO Europe Issue 57 - Page 56

FEATURE : RANSOMWARE

A MINORITY OF UK CRITICAL NATIONAL INFRASTRUCTURE ORGANISATIONS ARE IMPLEMENTING CRITICAL MEASURES TO PROTECT , DETECT AND RESPOND TO RANSOMWARE .

human-operated ransomware ( HoR ) now sees criminal groups quietly infiltrating organisations for extended periods prior to exfiltrating data and launching debilitating attacks on data and systems . Multiple initial attack vectors are now used to gain entry to victim organisations including exploiting vulnerabilities in external systems , supply chain compromise , use of initial access brokers , stolen credentials and phishing .
Once in , attackers typically escalate privileges , install persistence , steal credentials and repeat the process as they move laterally through the environment . Finally , they will execute their objectives , which is to steal and encrypt data , before extorting the victim . Unlucky victims can sometimes find themselves in a double extortion scenario where they end up paying twice ; once to decrypt files and subsequent payment to prevent confidential data being publicly released .
Ransomcloud is also on the rise . These attacks exploit weaknesses or legitimate functionality in cloud resources to deploy malware , encrypt data and extort money from organisations . As more businesses embrace cloud to improve their efficiency and operational agility , the security risks inevitably increase . Organisations that race head-first into the cloud without architecting secure cloud services are particularly susceptible to attack .
Any ransomware attack can cause extensive loss of data and operational downtime for businesses . To outpace an escalating threat landscape , security strategies must be built on stronger foundations than cyber insurance alone .
Strengthening defences against ransomware
Many organisations are realising the need to prioritise and plan to mitigate the ransomware threat . Yet , opportunities for improvements remain . Bridewell research found that only 36 % have a security information and event management ( SIEM ) platform in place – a crucial tool to detect and alert against intruders . Furthermore , just 43 % have implemented technical controls to prevent unauthorised access and stop key directories and
56 INTELLIGENTCIO EUROPE www . intelligentcio . com