When the subject is ransomware, we usually think of smaller municipalities and school districts, which often don't have the resources to fend off increasingly sophisticated cyberattacks. But enterprises are increasingly under attack by ransomware criminals, which is very likely why the subject came up so often at the recent National Association of Corporate Directors (NACD) Global Leaders’ Summit.

The meeting included several panels on cybersecurity, and every one I attended included some questions and discussion about ransomware. That’s a good thing. It shows that directors and board members know their companies are increasingly at risk.

If anything, ransomware attacks aimed at the enterprise are probably under-reported. Public companies may not have to report such attacks, even if they are successful, unless data is stolen. If the data is encrypted and held for ransom, reporting requirements likely don’t apply.

A growing problem for the enterprise

A recent report from Malwarebytes found that while ransomware targeting consumers has declined sharply, attacks on businesses have increased dramatically—from near 2.8 million in the first quarter of 2018 to around 9.5 million in the first quarter of 2019.

Apple chipmaker TSMC had to temporarily halt manufacturing because of a WannaCry infection, with losses estimated at up to $250 million. Then came NotPetya, which caused an estimated $10 billion in losses globally. Other companies hit included FedEx (a $400 million loss), Merck ($870 million) and Saint-Gobain, a French construction company ($384 million). Keep in mind these estimates include lost sales, data recovery efforts and the cost of improving cyber defenses as well as paying ransoms.

So what should directors and board members do?

One clear takeaway is to come to grips with two things: First, current security solutions may weed out a portion of the ransomware links and attachments sent to your employees—which some security professionals consider an organization’s weakest link—but it’s unlikely those solutions will do a complete job. Second, there are ways to improve protection against ransomware without adding tons of new tools or trying to recruit specialized talent. One strategy is a Security-as-a-Service approach.

Ask your security teams about their ransomware strategy

If they tell you, "We're good to go," ask if they depend solely on an anti-virus solution. Hopefully not, because most organizations hit by ransomware are already running an anti-virus product. If your security people talk about advanced endpoint technology, patching, threat intelligence, improved email filtering, account resetting, blocking outbound connections to the source of the ransomware, or searching email across all accounts for ransomware links or objects … well, all that’s a good start.

The truth is, it should be all of the above, which is why many organizations are now looking into Security-as-a-Service. The beauty of this approach is that you don't have to recruit new security talent, build new capabilities or try to integrate new tools. Instead, you consume security literally as-a-service, just as you would other utilities, with anti-ransomware (and other security capabilities) updated regularly as the provider’s intelligence and capabilities grow.

In my experience, security-as-a-service not only can work, it does work. For more, check out this video:

<<< Start >>>

How Accenture's MDR stops ransomware

Watch a step-by-step breakdown of how Accenture Security's Managed Detection and Response (MDR) identifies and contains ransomware attacks.

Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence.  Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

Copyright © 2020 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks

Robert Kress

Managing Director – Accenture Security, Global Quality and Risk Lead

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog