Request A Consultation

Ransomware, extortionware, and theft: Are your security strategies really working?

By Jerald Dawkins, Ph.D., Chief Technology Officer, CISO Global

Published July 16, 2023

Reflecting on attacks in 2022, SonicWall’s Global Cyber Threat Report reaffirmed what many other reports have stated – that ransomware was on the downward trend in 2022. A handful of high-profile arrests of cyber cartel members from notorious groups like Darkside, REvil, and CIOp, seemed to temporarily raise hopes in some that the “good guys” were finally winning. Conventional wisdom, however, tells us that the criminal appetite for money isn’t going anywhere, and until the industry finds a higher level of effectiveness, cyber criminals are going to have their payday, one way or another.

Even a broad read of industry research points us back to the fact that cyber-crime pays, and that as long as there is a way in, and sensitive information to find, will criminals continue to pivot until they get at it. In short, what we’re doing as an industry isn’t effective.

That’s probably an uncomfortable truth, but take a look at the numbers and see what you think:

CrowdStrike produces an annual Global Threat Report based on analysis of the threat data flowing into its platform, examining attack styles, types, and methodology, to determine new trends. The 2023 report details some particular trends. Notably, attackers have demonstrated a commitment to doing whatever it takes to extract funds from their victims, with most attack groups’ continued ties going back to geopolitical regions and state entities, including Russia, China, Iran, and North Korea. Among other trends noted was a reiteration of the widely accepted correlation between companies’ new technology rollouts and an increase in attacks.

The [CrowdStrike Global Threat] report shows that security must parallel the slope of technology innovation. As technology matures, security has to mature and match the innovation of the technology running our organizations. The same thing can be said for the adversary. With every innovation we achieve, we can expect the adversary to actively seek ways to exploit it. From the cloud to Kubernetes, from AI to applications and more, as technology gets more complex and provides tremendous operational gains, security must evolve to protect the productivity we gain.

All you need is more technology?

For years, the cybersecurity industry has been plagued by advertisements promising that a new technology will solve all cybersecurity woes. People spend on these technologies in droves. In 2023, $219 billion will be spent on cybersecurity solutions – more than ever before.

What it’s really like out there:

Yet, Tech Republic recently reported that according to a new Cybersecurity Readiness Index, only 15% of the 6700 CISOs and other cybersecurity leaders across 28 industries around the globe said “their organizations have implemented security programs mature enough to defend against current cybersecurity risks.” 82% of respondents expect to be attacked successfully this year.

Look at cyber insurance trends.

As business leaders and boards become more cyber literate, however, and continue to see their cybersecurity investments increase, while attacks fail to decrease, the question of ROI has to come up eventually. Just look at trends in cyber insurance. That’s one industry that will always learn from the numbers. In May, the Wall Street Journal reported that cyber insurance premiums rose 28% in Q4 of 2022, and saw an 11% year-over-year increase in 2023, presumably due to widespread losses and ransomware or extortion payouts. Furthermore, CSO Online published data indicating that many are unable to obtain coverage in 2023 due to insufficient evidence that they have a mature cybersecurity program and are sufficiently addressing risk. What insurance companies are saying by this is, “What you’re doing isn’t working, and we refuse to continue throwing money at poor practices and immature security programs.”

There are geopolitical forces at work.

One thing is certain; cybersecurity is absolutely tied to the global balance of power. Russia’s war in Ukraine, for example, which some researchers have postulated as the likely reason for a temporary drop in ransomware (because they were otherwise occupied), and others have proposed as a primary beneficiary of more broadly defined state-sponsored cyber-attacks in 2022, is just one instance of how the global political climate both impacts – and is impacted by – cybercrime.

Cybersecurity is a Culture.

It’s undeniable that practitioners need to be leveraging AI, automation, and technologies like SOAR in their strategies to speed up processes, gain new insights, and become faster at what they do. However, when you approach technology with an understanding that what makes new technology effective is almost never the tool itself, but its configuration, implementation, and integration into your overall strategy, it becomes clear that what matters most is who’s behind it. Who architected the implementation? Who configured it? Who manages it? … 

Click here to read more