Ransomware preparedness is low despite executives’ concerns

86.7% of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll.

And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident.

“Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks,” said Curt Aubley, Deloitte Risk & Financial Advisory detect and respond practice leader and managing director, Deloitte & Touche.

“As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There’s no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events.”

Kieran Norton, Deloitte Risk & Financial Advisory’s infrastructure security solution leader and principal, Deloitte & Touche LLP, added, “Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response.”

To get an idea of how prepared an organization is to address a ransomware attack, Norton says business leaders can ask specific questions designed to probe the depth of the cyber program’s ransomware detection, prevention and response capabilities.

Questions leaders can ask to gauge their organizations’ ransomware preparedness

Does our organization’s cyber incident response plan address ransomware attacks specifically? Leading organizations have developed and tested cyber incident response plans, but not every organization has one and not all directly address the nuances of ransomware attacks.

Has our organization considered adopting zero trust to help bolster cybersecurity against ransomware and other threats? Removing automatic or inherited trust given to users, workloads, networks, and devices can help organizations shore-up security gaps created by digital transformation, M&A activity, rapid cloud adoption and continued remote work that ransomware actors frequently take advantage of.

Does our organization fully appreciate how ransomware attackers could exploit our use of emerging technologies to propagate attacks? Are we leveraging emerging technologies to better protect our organization from those threats? Certain technologies that companies are implementing as part of their digital transformations appear to benefit attackers in a number of ways, but defenders can use them to their organization’s advantage as well. It’s important for companies to understand how these technologies may increase their cyber risk exposure and how defenders could use them to improve security.

How does our organization test for ransomware vulnerabilities? Frequent penetration testing can help identify attack surface vulnerabilities and paths to critical systems and assets, while business continuity/disaster recovery testing can confirm that redundant backups are ready to support business resiliency if needed. As ransomware can propagate throughout a technology infrastructure, traditional backup and recovery plans may not be sufficient. Further, testing ransomware incident response plans via simulations or other approaches can help leaders across an organization build “muscle memory” around roles, responsibilities and protocols in the event of an attack.

Does our organization conduct threat hunting to help manage ransomware risk? Leading organizations are starting to take the offensive in cyber risk management by proactively working to identify new attack patterns and new attackers before they can potentially cause damage. By uncovering undetected ransomware, malware or other cyber threats, potential effects can be investigated and remediated in a timely manner.