To reduce cyber risk, including ransomware, every organization needs an effective cybersecurity program that strengthens its defenses and its detection and response capabilities. In working with customers, we have seen organizations that lack some of the programmatic approaches we recommend. Specifically, organizations may be missing one or more of the four foundational activities we see as the most critical to implement: risk management, ransomware defense and readiness, external penetration testing, and incident response (IR) capabilities.
Risk Management
Each organization has different cybersecurity priorities based on its activities, data, communications and transactions, so every organization needs to understand its own specific risks; the risks and their impact vary from one organization to the next. Because risk is never fully resolved, organizations need a programmatic approach that identifies the most critical risks, mitigates them, and keeps the residual risks under ongoing management.
Risk assessments are a compliance requirement for some organizations, but every organization should treat risk assessment and management as an essential part of its cybersecurity efforts. The industry standard for understanding organizational risk is NIST SP 800-30, Guide for Conducting Risk Assessments. An assessment is followed by mitigation, including ongoing management and regular updates to a formal risk register. These efforts produce an understanding of each risk's likelihood and impact and, therefore, inform which actions and mitigations to prioritize.
Ransomware Defense and Readiness
The number of ransomware attacks and the costs they incur continue to grow at an alarming rate. Cybersecurity Ventures estimates that a ransomware attack occurred every 11 seconds in 2021 and predicts one every two seconds by 2031, with global damage costs surging from $20 billion to $265 billion over the same timeframe. Given this growth and the highly automated and increasingly sophisticated nature of ransomware attacks, organizations must focus on minimizing the likelihood of an incident and reducing its impact with an effective, timely response. This means continuously fortifying defenses and building and maintaining response and recovery capabilities in-house, all before a ransomware incident occurs.
Layered defenses, including email filtering, web browser protections, perimeter controls, endpoint protection and anti-malware, and secure configuration and hardening, can stop many attacks before they take hold. When prevention fails, limit the impact with quick detection and a strong incident response that contains the attack, preferably to a single laptop or workstation. Next, have a team that can recover from the impact using backups and disaster recovery. Because ransomware operators routinely seek out and destroy backups, keep at least one backup copy offline or immutable, and test restores regularly, not just the backup jobs. Finally, fortify the environment again and reinforce training.
External Penetration Testing
In addition to establishing defenses, those defenses should be regularly tested to uncover gaps that bad actors can exploit. Identifying, evaluating and remediating perimeter weaknesses strengthens defenses against external threats, including ransomware. The essential way to test perimeter defenses is to engage professional external expertise to attempt to penetrate the environment. There is no substitute for regular external penetration testing to discover vulnerabilities in an environment, especially when threats constantly change and grow more complex; re-testing after remediation confirms that the findings were actually closed.
Incident Response Capabilities
Often overlooked, an incident response plan and tabletop exercises for IT staff are critical preparation for responding to, containing and recovering from incidents. Ideally, the IT staff on duty can respond quickly and effectively because they have an up-to-date incident response plan and have regularly exercised it before an incident occurs. IT teams that either have no IR plan or have not recently tested their plan respond more slowly and are less sure of the right actions and when to take them. The result is incidents with greater damage: higher costs, longer downtime and more data loss.
The Value of External Expertise
Highly certified providers with extensive knowledge and experience in cybersecurity best practices can support enterprises with much-needed specialized services: risk assessments, strengthening defenses, identifying weaknesses and vulnerabilities, and preparing for effective incident response.
Based on our experience with customer needs and challenges, including internal staffing and knowledge gaps, we’ve created services to support organizations in developing programmatic approaches to risk and cybersecurity. The Flexential Professional Services’ Cyber Defense Program employs cybersecurity and risk management best practices and standards to identify and mitigate risk and build cybersecurity defenses that reduce the impact and likelihood of cyber events. The program combines risk identification with prioritized, actionable recommendations to quickly decrease risk to the organization by closing vulnerabilities, preparing staff for cyber events, and strengthening identification and response capabilities.
With the ever-expanding threat landscape, there is no time like the present to increase your organization's defenses. While devising and implementing an effective cybersecurity program may be challenging, time-consuming and expensive, the costs of a successful ransomware attack, data loss and unplanned downtime quickly exceed the price of proactive, preventive measures. Furthermore, it is business-critical for IT departments to protect the confidentiality, integrity and availability of their organization's operations and data.
Will Bass, Vice President of Cybersecurity Services, Flexential Professional Services. Contact them to learn more about their flexible and tailored hybrid IT solutions comprised of colocation, cloud, connectivity, data protection, managed, and professional services.