Virtualization Technology News and Information
Strengthening Cyber Resilience in the Face of Ransomware Attacks: Key Lessons for Sustained Security Management

By Craig Davies, Chief Information Security Officer, Gathid

The stakes for maintaining robust cybersecurity measures have never been higher. 2023 marked a major increase in ransomware, with record-breaking payments and a substantial increase in the scope and complexity of attacks, a significant reversal from the decline observed in 2022. In fact, ransomware payments in 2023 surpassed the $1 billion mark, the highest number ever recorded. This alarming trend looks set to continue in 2024.

As cyber threats evolve with increasing sophistication, it is paramount that security professionals reframe cybersecurity strategies from reactive protocols to proactive fortifications. Approximately 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

Cybersecurity is an ongoing battle for all organizations. Attackers only need to get one thing right to break into an environment; organizations must get a myriad of things right to protect their attack surface properly. So, the question for most CISOs becomes, where and how do I focus my attention for maximum return on investment?

Here are key insights businesses of all sizes can integrate into their cybersecurity practices to build a more resilient security posture and help avoid ransomware attacks.

1. Bridge the Gap Between Cybersecurity and Business Objectives

The first step towards effective cybersecurity is ensuring there is no disconnect between security measures and business objectives. Security teams must evolve from being seen merely as cost centers to vital contributors to business continuity and growth. This requires cybersecurity leaders to develop clear communication channels with executive management, ensuring that security strategies are aligned with the broader business goals. It is essential to build a business case for cybersecurity investments by clearly articulating the potential return and cost of breaches.

2. Implement a Robust and Continuous Risk Assessment Process

Ongoing risk assessment and management are crucial. Organizations need to constantly evaluate their security posture against emerging threats and vulnerabilities. This means identifying and prioritizing risks based on their potential impact on business operations. A dynamic risk assessment framework helps focus resources where they are most needed and develop strategic responses that can adapt to the changing threat landscape.

3. Ensure Identity and Access Management is Robust

Rigorous identity and access management (IAM) is indispensable. Effective IAM ensures that the right individuals access the right resources at the right times for the right reasons. Applying the principle of least privilege minimizes each user's exposure to sensitive parts of the network by granting them only the access necessary to perform their job functions. Regular audits and adjustments to these access privileges are crucial to adapt to changes in roles and responsibilities, ensuring that the IAM system evolves in alignment with organizational changes and potential threat landscapes. By embedding these rigorous controls, organizations can significantly mitigate the risk of data breaches and ensure compliance with regulatory requirements.

4. Enhance Defensive Measures Through Layered Security

Adopting a multi-layered security approach, commonly known as defense in depth, is essential to safeguard against a wide array of threats. This strategy involves implementing overlapping layers of protection so that if one control fails, another steps in immediately to thwart a breach. Critical components include robust encryption, the use of multi-factor authentication, regular updating and patching of systems, and comprehensive access controls. Each layer is designed to increase the overall security of the organization, slowing down attackers and reducing the probability of a successful breach.

5. Understand and Manage the Blast Radius

In the event of a security breach, it is vital to understand the 'blast radius', the extent of the impact such an incident could have on the wider business. This understanding helps in planning containment strategies that minimize damage, such as segmenting networks, limiting user access rights based on roles, and having robust data backup processes in place. Preparing for the worst-case scenario ensures the organization can remain resilient and recover quickly, even when targeted by sophisticated cyber threats.
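As an added illustration, not code from the original article, the following Python models the least-privilege audit described in section 3 and the blast-radius estimate described here in section 5: it flags entitlements an identity holds beyond its role baseline, then shows how removing them shrinks the set of network segments a compromised account could reach. All roles, identities, resources and segments are constructed sample data, and the block assumes a blast radius is simply the resources an identity's entitlements reach, grouped by segment.

```python
from collections import defaultdict

# Constructed role baseline: role -> the (resource, permission) pairs the role needs.
ROLE_BASELINE = {
    "finance-analyst": {("ledger-db", "read"), ("reports-share", "write")},
    "helpdesk": {("ticketing", "write"), ("ad-users", "reset-password")},
}

# Constructed resource -> network segment map; segmentation bounds the blast radius.
SEGMENTS = {
    "ledger-db": "finance-net", "reports-share": "finance-net",
    "ticketing": "corp-net", "ad-users": "identity-net",
    "backup-vault": "backup-net",
}

# Constructed identities. "alice" changed roles and kept entitlements from her old job,
# the situation a regular access review is meant to catch.
IDENTITIES = {
    "alice": {"role": "finance-analyst",
              "entitlements": {("ledger-db", "read"), ("reports-share", "write"),
                               ("ticketing", "write"), ("backup-vault", "write")}},
    "bob": {"role": "helpdesk",
            "entitlements": {("ticketing", "write"), ("ad-users", "reset-password")}},
}


def excess_entitlements(name):
    """Least-privilege audit: entitlements held beyond the identity's role baseline."""
    ident = IDENTITIES[name]
    return ident["entitlements"] - ROLE_BASELINE[ident["role"]]


def blast_radius(name, entitlements=None):
    """Resources a compromised identity could affect, grouped by network segment."""
    ents = IDENTITIES[name]["entitlements"] if entitlements is None else entitlements
    radius = defaultdict(set)
    for resource, _permission in ents:
        radius[SEGMENTS[resource]].add(resource)
    return {segment: sorted(resources) for segment, resources in radius.items()}


def review(name):
    """Audit one identity and report the blast radius before and after remediation."""
    excess = excess_entitlements(name)
    before = blast_radius(name)
    after = blast_radius(name, IDENTITIES[name]["entitlements"] - excess)
    return {"excess": sorted(excess),
            "segments_before": sorted(before), "segments_after": sorted(after)}


if __name__ == "__main__":
    for user in IDENTITIES:
        print(user, review(user))
```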

6. Encourage a Culture of Security Across All Business Levels

Finally, cybersecurity is not just the responsibility of the IT department; it's a company-wide mandate. A culture of security awareness and best practices should be promoted at all levels of the organization. This includes regular training sessions and simulations to prepare employees for potential cyber incidents. Empowering all employees to take an active role in defending the organization's digital assets is crucial for creating an effective human firewall.

Towards a Secure, Resilient Cybersecurity Posture

It is crucial for organizations to not just react to cybersecurity threats but to proactively anticipate and neutralize them before they impact operations. By seamlessly integrating identity security with business strategies, fortifying defenses through layered security, and instilling a culture of security awareness throughout the organization, organizations can achieve a more secure and resilient operational posture.

Craig Davies

Craig has over 25 years' experience in technology and cybersecurity, with a focus on growth and governance that enables companies to thrive. As the first CEO of the Australian Government's Cybersecurity Growth Network (AustCyber), Craig set out a plan to make Australia a global force in the cybersecurity market. He was the Head of Security at Atlassian, both before and during their IPO, where he developed and led their security program. Prior to this, Craig was the Chief Security Officer at Cochlear. He started his career in banking, initially with the Commercial Bank of Australia, then Westpac Banking Corporation. Craig joined Gathid in 2019 as a Director and took on the role of CISO in 2023; he is also the Managing General Partner of Another Challenge Ventures, a boutique VC focused on cybersecurity opportunities.

Published Monday, July 08, 2024 10:15 AM by David Marshall