The vast majority (86.7%) of C-suite and other executives say they expect the number of cyberattacks targeting their organisations to increase over the next 12 months, according to a recent Deloitte poll. And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organisations over the next 12 months, only 33.3% say that their organisations have simulated ransomware attacks to prepare for such an incident.
"Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks," said Curt Aubley, Deloitte Risk & Financial Advisory detect and respond practice leader and managing director, Deloitte & Touche LLP. "As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There's no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events."
Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure security solution leader and principal, Deloitte & Touche LLP, added, "Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response."
To get an idea of how prepared an organisation is to address a ransomware attack, Norton says business leaders can ask specific questions designed to probe the depth of the cyber program's ransomware detection, prevention and response capabilities.
Questions leaders can ask to gauge their organisations' ransomware preparedness include:
Does our organisation's cyber incident response plan address ransomware attacks specifically? Leading organisations have developed and tested cyber incident response plans, but not every organisation has one and not all directly address the nuances of ransomware attacks.
Has our organisation considered adopting Zero Trust to help bolster cybersecurity against ransomware and other threats? Removing automatic or inherited trust given to users, workloads, networks, and devices can help organisations shore up security gaps created by digital transformation, M&A activity, rapid cloud adoption and continued remote work that ransomware actors frequently take advantage of.
Does our organisation fully appreciate how ransomware attackers could exploit our use of emerging technologies to propagate attacks? Are we leveraging emerging technologies to better protect our organisation from those threats? Certain technologies that companies are implementing as part of their digital transformations appear to benefit attackers in a number of ways, but defenders can use them to their organisation's advantage as well. It's important for companies to understand how these technologies may increase their cyber risk exposure and how defenders could use them to improve security.
How does our organisation test for ransomware vulnerabilities? Frequent penetration testing can help identify attack surface vulnerabilities and paths to critical systems and assets, while business continuity/disaster recovery testing can confirm that redundant backups are ready to support business resiliency if needed. As ransomware can propagate throughout a technology infrastructure, traditional backup and recovery plans may not be sufficient. Further, testing ransomware incident response plans via simulations or other approaches can help leaders across an organisation build "muscle memory" around roles, responsibilities and protocols in the event of an attack.
Does our organisation conduct threat hunting to help manage ransomware risk? Leading organisations are starting to take the offensive in cyber risk management by proactively working to identify new attack patterns and new attackers before they can potentially cause damage. By uncovering undetected ransomware, malware or other cyber threats, potential effects can be investigated and remediated in a timely manner.
About the online poll
More than 50 C-suite and other executives were polled online during a webcast held on June 24, 2021, about cyber threat detection and response. Participating executives held leadership roles in areas including corporate boards (36.7%), IT (34.4%), risk management (12.2%) and security and privacy (6.7%). Answer rates differed by question.