As ransomware continues to evolve, strategies to combat it must also change. This was the central theme of a recent webcast discussion led by Dr. Dustin Sachs, Chief Technologist at Cyber Risk Collaborative, and also featured cybersecurity experts Michael Farnum, Advisory CISO at Trace3, and James Blake, Global Security Strategy and Evangelist at Cohesity.
Together, they examined current ransomware trends and provided actionable guidance for organizations looking to protect themselves in 2024-2025.
The evolving threat landscape
Ransomware is no longer just about data extortion; the threat has shifted to functional disruption. Attackers are increasingly targeting critical infrastructure and operating systems, aiming to weaken organizations by impairing their ability to function. This development represents a significant escalation of the ransomware threat, going beyond mere financial extortion to causing potentially devastating operational impacts.
This complexity is further compounded by the rise of ransomware-as-a-service (RaaS), where attackers with little technical knowledge can purchase ransomware kits on the dark web. This trend has led to an increase in ransomware attacks and made it more difficult for organizations to defend against a growing number of sophisticated threats.
Building resilience instead of prevention
A key takeaway from the discussion was that organizations need to prioritize resilience over traditional prevention and detection measures. While it is still important to prevent ransomware attacks, Dr. Sachs, Farnum and Blake agreed that it is equally important to build the ability to quickly recover from an attack. Resilience means ensuring that an organization can continue operating and restore critical functions even if an attack occurs.
Farnum emphasized the critical role of business continuity in this regard, noting that companies often focus too much on endpoint security while neglecting broader network vulnerabilities that can leave them vulnerable.
With the increased use of remote work and cloud services, the attack surface has expanded, making it critical for organizations to address vulnerabilities across their network.
Importance of realistic incident response planning
Blake stressed that organizations need to be realistic in their crisis response planning. He noted that too often, companies treat ransomware as a purely technical issue, ignoring the broader impact on business continuity and disaster recovery. Blake advocated for a more holistic approach that involves security teams early in the planning process and ensures that crisis response plans are not just theoretical, but thoroughly tested and updated.
One effective strategy Blake suggested was conducting regular war games to simulate ransomware attacks. These exercises can help companies identify gaps in their response plans and improve coordination between different business units. Farnham added that involving business leaders in these exercises is critical to ensure the response aligns with the company’s broader operational goals.
Role of government regulation and ethical changes
Both Farnum and Blake agreed that government regulation is becoming increasingly important in the fight against ransomware. As ransomware attacks increasingly target critical infrastructure, there is an urgent need for clearer regulatory frameworks to guide organizations in their response efforts. Blake noted that in Europe, regulations related to ransomware incidents are becoming stricter and similar trends could soon follow globally.
The conversation also touched on the evolving ethical standards in ransomware attacks. In the past, ransomware attacks have focused on data extortion, but there is a clear shift toward targeting critical infrastructure, including healthcare systems. This shift raises significant ethical concerns, especially when attacks could potentially put human lives at risk.
Diploma
As organizations face an increasingly complex ransomware landscape, the need for resilience, realistic incident response planning, and proactive government regulation is more important than ever.
The insights shared by Dr. Sachs, Farnum, and Blake provide a roadmap for addressing these challenges in 2024-2025. By prioritizing resilience and preparation, organizations can better protect themselves against the growing threat of ransomware and ensure their continued operations despite adversity.
