Ransomware is not out of control; security teams are
Recent headlines would make it appear as if there has been a steep rise in the number of ransomware attacks of late – but whilst there has been an increase in the number of successful campaigns, that only points to the fact that security teams have been lax in taking adequate steps to secure their network assets.
That’s the belief of Optiv Security, which goes as far as to suggest that the vast majority of companies who give in to their cyber-tormentor are victims of their own making. The company is of the opinion that most businesses find themselves in a “pay up or perish” position because of rampant cybersecurity malpractices that make them prone to ransomware attacks.
James Turgal, former executive assistant director for the FBI Information and Technology Branch (CIO) and current VP of Cyber Risk, Strategy and Transformation at Optiv, has personally helped many companies respond to and recover from ransomware attacks. We spoke with him to understand the evolving nature of ransomware campaigns and the steps businesses need to take to protect themselves.
What are some of the most common missteps you’ve encountered that could’ve protected businesses from ransomware attacks?
Every business is different. Some older and more established organizations have networks and infrastructure that have evolved through the years without security being a priority, and IT shops have traditionally just bolted on new technology without properly configuring it and/or decommissioning the old tech.
Even startups who begin their lives in the cloud still have some local technology servers or infrastructure that need constant care and feeding.
Some of the themes I see, and the most common mistakes made by companies, are:
1. No patch strategy or a strategy that is driven more by concerns over network unavailability and less on actual information assurance and security posture.
2. Not understanding what normal traffic looks like on their networks and/or relying on software tools. Usually too many of them overlap and are misconfigured. The network architecture is the company’s pathway to security or vulnerability with misconfigured tools.
3. Relying too much on backups, and believing that a…