Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.
Gartner projects worldwide IT spending will increase 5.5% this year, reaching $4.6 trillion, and forecasts information security and risk management products and services spending will grow 11.3%, topping $188.3 billion. However, with many chief economists believing a recession is on the horizon, executives and business leaders are being forced to make difficult cost reductions. One investment that may be facing cutbacks: cybersecurity.
Though cybersecurity programs tend to be fairly resilient in the face of economic uncertainty, chief information security officers (CISOs) and security leaders are still facing tough mandates and directives from other leadership to tighten spending, demonstrate value for investments, and double down on increasing efficiencies.
In a Hanover Research survey of over 650 financial decision makers, 47% of the responding organizations indicated economic disruption and recession as top business risks for 2023. Meanwhile, cybersecurity vulnerabilities fall by the wayside, with 11% ranking them as a top concern. This risk disparity comes at an exceptionally troubling time, as the world also grapples with rising geopolitical tensions and a ransomware epidemic.
Ransomware has exploded into one of the most damaging forms of malware and rapidly growing cybersecurity threats of our time. Verizon's "2023 Data Breach Investigations Report" (DBIR) reveals ransomware now accounts for one out of every four breaches, with 95% of incidents that experienced a loss costing $1 million to $2.25 million.
Unlike other types of malware, ransomware can destroy an organization in minutes, causing a ripple effect throughout society and the global economy.
With cybercriminals capitalizing on crises for exploitation, any compromise of an organization's security posture or a potential ransomware attack amid recession fears could leave it vulnerable to greater risks and in a dire financial position or, worse, out of business.
Number of Attacks Dips, but Impacted Records and Demands Remain High
According to research from F5 Labs, malware was responsible for roughly 6% of US breaches in 2019, and by 2020 ransomware alone was a factor in 30%. By 2021, that number surged to almost 70% according to Verizon's 2022 DBIR.
Comparitech reveals publicly reported ransomware attacks dipped in 2022, but the amount of individuals' data exposed grew to nearly 115 million from 49.8 million in 2021, and ransom demand in the business sector rose to $13.2 million from $8.4 million in 2021.
Focus on Prevention
Ransomware cybercrime is claiming victims left and right in 2023, from the US Marshals Service to Dole and Dish Network. In response, the White House has classified ransomware as a threat to national security, public safety, and economic prosperity. And although government entities like the FBI, CISA, and OFAC have taken action to counter ransomware, these steps alone aren't enough to end the evolving ransomware threat.
With a new ransomware target being attacked every 14 seconds, organizations must prioritize ransomware prevention. As ransomware grows more sophisticated, mitigating it is increasingly challenging. There's no silver bullet to eradicate attacks, and having to operate in a tight market adds a layer of complexity.
CISOs and security leaders must focus on the best return on investment while building out a multilayered approach for improving their overall IT security. One strategy to accomplish this is managing attack vectors using encrypted channels with preventive technologies that can stop adversaries before they have a chance to compromise networks or while they are executing their multistep campaigns.
Beware of the Familiar
Attackers not only employ malicious encryption to ransom a victim's files, they also leverage commonly adopted encryption standards to further their own ends.
Today, nearly 90% of all Internet traffic is encrypted with SSL/TLS, making it easy for cybercriminals to take advantage of cryptography and use it to mask ransomware to evade detection while using popular and successful breach tactics like phishing.
Ransomware gangs also take advantage of legitimate websites that are encrypted with SSL/TLS and so look secure, but have been infected with drive-by downloads. And cybercriminals latch onto browser vulnerabilities that can lead to infection when the entry point is encrypted, allowing encrypted threats embedded with malicious payloads to go unnoticed.
Gaining visibility into encrypted traffic is a key aspect of managing encrypted threats, yet organizations should level up their defense to decrypt and inspect incoming and outgoing encrypted traffic, a practice commonly called SSL Inspection or Break and Inspect (BNI), and automate traffic orchestration for enhanced efficacy and control.
Amid ongoing pressure to drive efficiencies with strained resources, it's critical for businesses to optimize their security investments. Decrypting, inspecting, and re-encrypting traffic remains an exclusive feature within a small subset of security devices. With the flood of SSL/TLS traffic, many of those devices can't handle traffic at large scale.
Consequently, security stacks can take a serious hit and be riddled with points of failure that can lead to greater chances of infected traffic bypassing decryption, as well as oversubscribed services that can increase total cost of ownership.
Combining robust decryption and orchestration of encrypted traffic with threat-prevention technology that can stop attacks before they happen — and go beyond blocking and alerting indicators of compromise (IOCs) — is crucial to staying ahead of attackers amid the ransomware crisis and potential global recession.