Ransomware is not going away. According to Statista, 37% of organisations, globally, became a victim to a ransomware attack in 2021, and 68.5% were victimised by ransomware – an increase on the previous three years. It has also evolved. Ransomware-as-a-Service (RaaS) has become increasingly prevalent as attackers use pre-set code to gain access to infrastructure and reshape attack efficacy; and there have been more than 130 different types of ransomware discovered in the market since 2020. Companies now must find intelligent ways of reducing digital footprints across cybersecurity quicksand to ensure their environments are secure. According to Jayson O’Reilly at Atvance Intellect, the challenge is to embed simplicity into robust cyber resilience strategies so companies can effectively operationalise and measure their security postures and approaches.
To overcome this perception – a critical move in a world mired in security threats that are simply not going to stop because the business has given up – there are key steps that companies can follow to mitigate risk, enhance posture, and stay ahead of the threats.
If the business doesn’t know what the problem is, or how to protect against it, then it won’t take the required actions to protect data and systems from attack. So, cyber resilience needs to stand beside strategy within the boardroom to ensure that the entire risk conversation takes place using language that decision makers understand. Language that underscores the importance of a healthy security stance within the framework of strategy, sustainability and success.
Training is a proven methodology for minimising human error when it comes to cybercrime. If users know how to identify phishing or dodgy links or ransomware attacks, then the business is shoring up essential defences against the onslaught. But often companies spend so much time investing into people alongside smart and sassy security systems, they forget to do one thing that can fundamentally change the impact of an attack – test or simulate real world scenarios.
Often, companies spend more on technologies that cost fortunes than on the basics that embed those solutions into the fabric of the organisation. The money falls down a black hole, and security is left full of holes. To overcome these legacy challenges, companies need to create a cyber-resilience plan that has clearly mandated policies, that is compliant, and that is, most of all, simple. If it’s easy to understand, implement, use and teach, then it’s got a far greater chance of gaining traction within the organisation.
to connect with our expert