With the average cost of a data breach now at $4.2 million, growing cyber threats like ransomware and the hybrid workforce have organizations worldwide looking to mitigate risk at every layer of the organization.
Keatron Evans
Principal Security Researcher, Infosec Institute
Securing your organization is like balancing an equation: people + skills + technology = security. Many security strategies fall short because this equation is unbalanced.
Ransomware proves to be a good use case when considering how to balance this equation. On the technology side, leaders and technical teams can take measures like maintaining backups, reviewing port settings, and implementing an intrusion detection system.
Yet, we’ve seen firsthand that even the most advanced cybersecurity technology is ineffective without a skilled technical team and cyber-aware employees. This unbalanced equation has led to record-breaking ransomware payouts this past year.
To balance this equation and minimize ransomware’s impact, organizations must make strategic investments into all three aspects. Here, we will examine opportunities to invest in the people and skills part of this equation, look at what is most commonly missing across many organizations, and provide some remediation advice.
Executive-level cyber training
In a recent Deloitte poll, over 60 percent of executives reported being concerned about ransomware. However, only one-third said their organizations have simulated ransomware attacks to prepare for an incident.
It’s usually not until an organization is hit with ransomware that the executive team realizes it was not educated on prevention and remediation. Security and risk leaders must educate executives on these threats and what they demand, implement proactive ransomware prevention and protection strategies, and ensure policy and administrative procedures are in place by testing them in tabletop exercises.
Senior leaders need targeted education that addresses cyber threats from their perspective, including incidents that may target them directly, such as whale phishing. This facilitates discussion of the problem and of the need to drive ransomware awareness and education from the top down. For this reason, security awareness training tailored to the executive level is effective and worth the extra effort.
Employee cyber training
Most ransomware infections begin with an employee clicking a malicious link or downloading a malicious file, granting attackers access to the organization’s environment. This puts the attacker’s target directly on the end user, which is why consistent security awareness training is still one of the most effective tools for combating ransomware.
Training should cover not just what ransomware is and what it does, but also how attackers infect systems with ransomware:
- Through phishing emails, where attackers impersonate brands to manipulate employees into disclosing sensitive information or access
- Through malicious websites and file downloads
- Through seemingly benign removable media such as USB drives
Helping employees understand how to prevent this type of incident, and how the same skills keep their families safe online at home, makes the training relevant and memorable.
IT and security team training
IT and security teams significantly impact how an organization survives a ransomware attack. Investing in IT and security team skills ensures your organization is prepared to defend against the growing ransomware threat.
These teams must train to respond appropriately when an attack occurs — across prevention, detection, response and forensic investigation. Hands-on training is needed to prepare technical teams for the details and real-life decisions that come with successfully recovering from an attack.
A best practice is scheduled, structured simulation to validate readiness and drive continuous improvement. Fortunately, most of the information needed to do this is available free and open source, or as training from trusted vendors.
Balancing the cybersecurity equation
As leaders look to mitigate ransomware risk, it’s critical to invest in all three aspects of the cybersecurity equation. Even with advanced technology, well-trained employees are needed to defend your data at every level of the organization. By breaking the investment down into the people and skills layers of cybersecurity, organizations and their employees can better understand how to counter cyber threats.