Why you should tackle security by accepting it’s already compromised
May 19, 2021
May 19, 2021
Like anyone working in security, I’m painfully aware how the last year has made things far more complicated for us and even easier for bad actors. Remote working opened the door to targeting individuals’ vulnerabilities, and we have seen new lures and traps that imitate credible sources involving COVID-19 advice or actions sprung up all over the place.
Ransomware is a familiar and favored threat tactic of cybercriminals. Recently, I was pleased to join a panel of experts at a webinar on the topic of “Mitigating ransomware attacks in 2021” with Infosecurity magazine host James Coker.
Traditionally, ransomware has been about gaining access to systems, encrypting or stealing data—sometimes selling it—unless a ransom is paid. Even a quick straw poll during the webinar found that up to 29% of organizations had been targeted by an attack in the past year. But, more recently, we’ve seen the “simple” act of ransomware take a more sinister turn.
Attackers are getting onto networks and staying there. They aren’t just encrypting data; they are threatening to ruin a company’s reputation by letting everyone know they have taken it. And they are taking an almost “division of labor” approach to realizing ransomware success.
What do I mean by that? Well, in my experience there’s been an increase in ransomware specialists. There might be someone offering ransomware as-a-service from the dark Web. That person may sell the service to someone who gets access into the organization and makes it encryption-ready. Then, they may pass on that information to someone who is an expert in hunting and seeking out what can be monetized. Suddenly, you’ve got people that really know what to look for, how to find it and how to move laterally around the organization.
<<< Start >>>
<<< End >>>
I’ve seen attackers getting smarter in other ways, too. Not content with having a market ready and waiting to pay cash for your data, they’re looking at the hidden assets of intellectual property (IP). Say you have an innovative asset in green energy. You’ve not only invested in it financially, but also have invested in the prospect of being first to market.
The value of this kind of IP makes the whole topic of whether to pay, or not to pay ransoms, massively complex. Another poll during the webinar found that up to 42% of executives were unsure or felt it depended on the size and resources of the organization when it came to paying up.
Of course, there are moves within the industry to disrupt ransomware payments. In April 2021, the Institute for Security + Technology (IST) released a report from its Ransomware Task Force which recommends encouraging voluntary information sharing on ransomware attacks, launching public awareness campaigns on ransomware threats, exerting pressure on countries that operate as safe havens for ransomware operators and incentivizing the adoption of security best practices through tax breaks.
Despite these efforts, everyone is vulnerable—and everyone’s security approach is different. There is a certain inevitability to ransomware and none of us can afford to be complacent.
Here’s some practical steps we can take to improve outcomes:
Let’s be clear, attackers do their homework and know which buttons to push. They understand your organization and they’ll be uncanny in their ability to find the things that really hurt. But, if you prepare your organization so that you’re in a position that you have a choice, you can be ready and ransomware resilient.
Take a look at our latest point of view on this topic or contact me for more.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.
Copyright © 2021 Accenture. All rights reserved.