Taking Proactive Steps To Mitigate The Global Ransomware Pandemic

By David Raissipour, Mimecast Chief Technology & Product Officer. Forbes Councils Member, Forbes Technology Council. Council Post, Oct 26, 2022, 07:45am EDT.

Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author.
Remember when former CISA Director Christopher Krebs first proposed the concept of a ransomware pandemic during his U.S. congressional subcommittee hearing back in May 2021? Now, 16 months later, ransomware’s meteoric rise across the cyber threat landscape is as prevalent as it ever was, spearheaded by bad actors continuing to deploy email-borne attacks at an unprecedented scale.
The global cost of ransomware is expected to reach $231 billion by 2031, and with cybercrime growing more sophisticated, motivated and well-funded by the day, no enterprise or industry is immune from its evolving variants. Key findings from Mimecast’s 2022 State of Email Security Report illustrate the severity of the situation at hand. According to the report, which commissioned an independent survey of more than 1,400 global cybersecurity professionals across 12 sectors, approximately 75% of companies were struck by a ransomware attack in 2021, representing a nearly 15% increase from 2020.
The report also revealed a direct correlation between ransomware and email as its primary attack vector. More than 70% of respondents said the frequency of email-related threats increased over the previous 12 months. Among them, 88% fell victim to ransomware over that same span.
Email-driven attacks have been expanding in volume and velocity ever since the widespread adoption of hybrid work environments at the onset of Covid-19. However, threat actors have set their sights beyond email—now targeting collaboration tools like Google Drive, SharePoint, Zoom, Microsoft Teams and Slack, all of which are used to extend business communication between employees, contractors and partners regardless of where they are. The hybrid culture has changed the way organizations work, mainly by changing how their employees collaborate.
Traditional in-office interactions centered around the exchange of sensitive files and confidential information now ensue over email and instant messaging channels, essentially transforming critical workplace communications into high-value unstructured data assets ripe for exploitation. With hybrid structures here to stay, organizations must take proactive steps that further position them to combat these evolving tactics and techniques. For example, such an approach might entail the integrated adoption of AI-enabled tools and training to simplify complexities and maximize protection at an organization’s most vulnerable attack vector: the intersection of business communications, people and data.
Ultimately, the goal is to alleviate risk and uncertainty from evolving processes and workflows, and connect the dots between how they work, the services they provide and the technologies that enable them.

Protecting Your Communications

Above all, cybercriminals covet the breadth of data assets created by business communications. Why? Because the more sensitive the information, the more likely a victim will pay the ransom even without guarantee of restoration.
In addition, threat actors have enhanced their ability to steal data through the proliferation of social engineering attacks, shifting their focus from targeting the larger enterprise network itself to capitalizing on the vulnerable behaviors of the individual employee. By leveraging democratized and crowdsourced toolkits that apply machine learning modules to perform automated impersonation attacks via email, they can now deploy ransomware on an exceedingly broader scale. This heightens the importance of adopting reliable email and collaboration security solutions that surround business communication channels with continuous protections and real-time detection and response capabilities.
The products must be scalable to fit the evolving needs of the organization, as well as fully functional with other security tools and third-party integrations to promote actionable threat intelligence sharing and data-driven decisioning.

Protecting Your People

Beyond the power of best-in-class solutions, it’s critical to understand the impact that user behavior can have on organizational security posture. All it takes is one unsuspecting employee to click on a malicious link for a ransomware attack to succeed.
The SOES Report found that more than 90% of security breaches involve some degree of human error. However, employees who received consistent cyber awareness training were five times more likely to identify and avoid malicious links. With the hybrid workforce spread across multiple offices, homes and remote locations, prioritizing people protection should be considered non-negotiable.
Knowledge is power in this case, so ensure employees are equipped with continuous training and simplified resources for identifying email-borne threats. If they use multiple collaboration channels with different log-in credentials, tech stacks must have AI-enabled security tools that can correlate different personas with the same identity, as well as automate the analysis of user behavior for risk mitigation. By generating real-time visibility into the level of risk associated with each employee, IT teams can proactively address vulnerabilities with just-in-time training on best practices for ransomware prevention.
And with a deeper and more intuitive understanding of risk, they can also create policies that protect the enterprise from future threats.

Protecting Your Data

With more unstructured data to protect and compliance regulations to meet, organizations cannot afford friction or anomalies when it comes to data governance. Take IBM’s 2022 Cost of a Data Breach Report, for example, which studied more than 500 global organizations impacted by data breaches over the previous year.
According to the report, the average total cost of a data breach hit a record-high $4.3 million in 2022, a 13% year-over-year increase from 2020. It also took victims a total of 277 days, on average, to identify and contain a breach.
Effectively managing and securing data is reliant upon simplified protection and archiving capabilities, but it’s also about investing in technologies that provide the resilience to quickly recover and restore deleted or corrupted files, even if primary platforms are down in the wake of an outage. There’s also a direct correlation between people protection and data protection. When organizations adopt technologies and processes that enhance security defenses for their employees, they are also investing in data protection.
The acceleration of ransomware isn’t slowing down, but there are still proactive measures organizations can take to swing the balance of power back in their favor. Amid this global pandemic, a holistic framework that prioritizes the security of business communications, people and data can be an effective mitigation strategy.
From: forbes
URL: https://www.forbes.com/sites/forbestechcouncil/2022/10/26/taking-proactive-steps-to-mitigate-the-global-ransomware-pandemic/