Only 30% Of Surveyed Organizations Have Plans For Responding To Ransomware Crisis
From:
Edward Segal, Crisis Management Expert
Washington, DC
Wednesday, October 26, 2022

 

Commentary From Crisis Management Expert Edward Segal, Bestselling Author of the Award-Winning Book "Crisis Ahead: 101 Ways to Prepare for and Bounce Back from Disasters, Scandals, and Other Emergencies" (Nicholas Brealey, 2020)   


Two strategies for dealing with a crisis that are guaranteed to fail: ignoring it, or acknowledging there's a crisis but doing nothing about it.

Ransomware is a case in point.

"Ransomware attacks are more prevalent than ever, and they're wreaking havoc across a range of industries," Panda Security observed. Indeed, during the first half of 2022, there were a total of 236.1 million ransomware attacks worldwide, according to Statista.

Falling Short

Notwithstanding high-profile stories about last year's ransomware attack on Colonial Pipeline and last month's attack against Suffolk County in New York, businesses apparently are not fully prepared to prevent or respond to similar attacks.

The 2022 State of Ransomware Preparedness Report, released this month by cyber risk management company Axio, revealed that only 30% of surveyed organizations had a ransomware-specific playbook. Active phishing training has improved but is still not practiced by 40% of organizations, according to the survey.

'Struggling With The Basics Of Cybersecurity Hygiene'

"Organizations continue to struggle with the basics of cybersecurity hygiene and risk management," Richard Caralli, senior cyber security advisor at Axio and co-author of the report, said via email.

"The practices and controls that are seemingly the easiest to do in an organization are still the things that organizations struggle with the most—whether it is ensuring critical vulnerabilities are patched within 24 hours or ensuring continuous security of high-value privileged accounts. Only 24% of organizations report to be patching systems within a day—a scary figure considering the continued digitization of the modern company," Caralli observed.

"Business leaders across every sector should not be waiting for a ransomware event to be their wake-up call. Nor should they expect their cyber insurance providers to cover their losses if the organization cannot demonstrate even basic cybersecurity maturity," he warned.

Role Model

Companies and organizations looking for a role model for being proactive in the battle against ransomware might take a page out of the federal government's playbook.

This week the Biden administration posted a fact sheet with details about its actions to strengthen America's cybersecurity, including against ransomware.

Taking The Initiative

 "In 2021, the Administration established the International Counter-Ransomware Initiative (CRI), bringing together partners from around the globe to address the scourge of ransomware," according to the fact sheet.

"The White House will host international partners October 31-November 1 to accelerate and broaden this joint work. This group has raised collective resilience, engaged the private sector, and disrupted criminal actors and their infrastructure."

Making It Harder For Criminals

"The United States has made it harder for criminals to move illicit money, sanctioning a series of cryptocurrency mixers used regularly by ransomware actors to collect and 'clean' their illicit earnings. A number of cybercriminals have also been successfully extradited to the United States to face justice for these crimes," the White House said.

Vulnerabilities

Axio said it identified "several emerging patterns that yield insights into why organizations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organizations were deficient in implementing and sustaining basic cybersecurity practices … these patterns dominated the 2022 study results as well."

Those areas were:

  • Managing privileged access
  • Improving basic cyber hygiene
  • Reducing exposure to supply chain and third-party risk 
  • Monitoring and defending networks
  • Managing ransomware incidents
  • Identifying and addressing vulnerabilities in a timely manner 
  • Improving cybersecurity training and awareness 

Some Good News

On the good news front, the Axio survey found that many of the surveyed companies had at least taken some basic steps to ensure the security of their networks. Those steps included:

  • Anti-virus solutions incorporating behavioral analysis (practiced by 89% of respondents)
  • Restrictions on unnecessary ports, protocols, services, and software (89%)
  • Countermeasures against delivery of malicious payloads from websites (86%)
  • Controls over potentially vulnerable services such as remote desktop protocol (83%)
  • Routing of internet traffic through security appliances such as DNS or web proxy filters (83%)

"While these statistics are encouraging, the exponential growth of ransomware attacks demands that organizations consider these practices as requisite to their cybersecurity program, providing the foundation for improvement that will be needed to keep pace with ransomware innovation and velocity in the future.

"Indeed, as emerging attacks have demonstrated, ransomware attackers are not waiting for organizations to get the fundamentals right and will continue to exploit program weaknesses to their advantage," Axio's report predicted.

 

                                                                  ###

Edward Segal is a crisis management expert, consultant and the bestselling author of the award-winning Crisis Ahead: 101 Ways to Prepare for and Bounce Back from Disasters, Scandals, and Other Emergencies (Nicholas Brealey). Order the book at https://www.amazon.com/gp/product/B0827JK83Q/ref=dbs_a_def_rwt_bibl_vppi_i0

Segal is a Leadership Strategy Senior Contributor for Forbes.com where he covers crisis-related news, topics and issues. Read his recent articles at https://www.forbes.com/sites/edwardsegal/?sh=3c1da3e568c5.

News Media Interview Contact
Name: Edward Segal
Title: Crisis Management Expert
Group: Edward Segal
Dateline: Washington, DC United States
Direct Phone: 415-218-8600
Cell Phone: 415-218-8600