Ransomware is number one threat for CISOs

#1 Threat: Ransomware

In the report, as you may expect, the main finding was that CISOs recognise ransomware as their number one threat.

This is because it impacts an organisation on many levels: operational, financial, legal and reputational. And unfortunately, it doesn’t look like it’s going to get better soon with 69% of respondents expecting to be successfully hit at least once in the next year – up from 53% hit in the past 12 months.

With many high-profile attacks in the news, the ransomware threat is shining a spotlight on the importance of cyber security at board level.

Perhaps for the first time, executive leadership are asking CISOs what they need to effectively protect their organisations against cyber-attacks.

This means that ransomware defences are beginning to involve everyone and everything in the organisation – from users and endpoints to the data centre and the cloud.

To Pay or not to Pay?

Interestingly, the research showed that the financial ransom itself is not the CISO’s top concern.

Paying a hacker is a controversial decision – and it’s not even a guaranteed solution. If anything, it rewards threat actors and incentivises them to continue ransomware attacks.

Of course, the temptation to pay is understandable: it may be a choice of paying versus business continuity or even survival.

However, CISOs believe the biggest impact comes from the even higher cost of recovery and restoration of business operations.

Manning the Barricades

CISOs are obsessively focused on mitigating the impact of increasingly likely ransomware attacks. Survey respondents were asked about the perceived importance of a range of leading defensive practices.

Top of the list is a robust data backup and recovery regime. This is followed protecting endpoints and countering user vulnerabilities, where some of the greatest risks are found.

The UK’s National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST) are advocates of user education as an effective way reducing the risk of cyber attack.

Adopting Zero Trust

For more than half of respondents, network segmentation gets top billing with the increasing adoption of Zero Trust Network Access (ZTNA).

Zero Trust requires that every access attempt be verified, but also that the scope of access granted is minimised according to the principle of least privileges.

You can come in, but only to do exactly what you’re allowed and no more.

This approach limits an attacker’s lateral movement after breaching a network, which in turn limits the damage that can be done.

The practice of network segmentation was even included as a top recommendation in 2021 White House guidance on ransomware for businesses.