Runtime Roundtable May 2024: Security

Despite some recent gains by law enforcement, ransomware remains a pernicious problem for companies large and small. Here's how eight experts advise preparing for ransomware attacks.

How should companies manage ransomware threats?

Despite some recent gains by law enforcement, ransomware remains a pernicious problem for companies large and small. Here's how eight experts advise preparing for ransomware attacks and dealing with them when they happen.

  • Michael Towers, Veza
  • Anneka Gupta, Rubrik
  • Mike Hanley, GitHub
  • Prasad Ramakrishnan, Freshworks
  • Robert Blumofe, Akamai
  • Jim Broome, DirectDefense
  • Phil Venables, Google Cloud
  • Vishaal "V8" Hariprasad, Resilience

Michael Towers

Chief Security & Trust Officer, Veza

A company’s approach to combating ransomware needs to be multilayered and focused on prevention, detection, and response.

Ensure the basics are covered for backup and recovery. You need to maintain secure, offline backups of critical data, and regularly test recovery processes to ensure business continuity and minimize the impact of an attack. Many organizations focus too much on backup strategies and not enough on restores and recovery at the application level.

Harden your environment. Be vigilant about the security basics. Attackers look for the path of least resistance. Make sure you regularly patch and update operating systems, software, and applications to address known vulnerabilities. Also, implement strong controls around who has access to what. Users should only have access to the resources they need to do their jobs. This can help contain the breadth of impact when incidents do occur.

Develop and practice an incident response plan. Create, regularly test, and update the plan with clear roles and responsibilities for detecting, containing, and recovering from a ransomware attack. Practice makes perfect. For those in industries like utilities or healthcare, where paying ransom is more likely given the impact, the plan should include how payments will be made.

Anneka Gupta

Chief Product Officer, Rubrik

Recent events have shown that ransomware attacks are virtually inevitable and can happen to any organization. Due to the current threat landscape, it’s important for security leaders to assume an attack will happen and focus on preparation and recovery.

For preparation, businesses must first determine their cybersecurity maturity. To get this process started, organizations should be conducting tests, holding practice simulations, and administering continuous internal security audits to identify potential weaknesses. With businesses continuing to onboard more tools and talent, organizations should also work to fully understand how data is being handled internally and their overall data security posture. Companies should be able to locate all of their sensitive data, determine who has access to that data, and what it’s being used for.

In terms of recovery, the first step is to find and remove trigger file(s) from all devices. From there, organizations should disconnect vulnerable devices to prevent the ransomware from spreading further. Once it’s safe to bring systems back online, businesses should run anti-malware packages on all their systems to ensure they are restoring files safely. Ultimately, establishing a culture of cyber resilience is an organization’s best bet against modern threats.

Mike Hanley

Chief Security Officer and SVP of Engineering, GitHub

Managing ransomware threats begins with a prevention strategy. Most attacks are made possible due to insecure legacy systems and software, lack of security hygiene, and not having strong vulnerability management or disaster recovery programs. Getting these foundational basics right will better position companies to prevent the success of such an attack or, if needed, increase their chances of a smooth recovery. Ultimately, the cost of preventing a vulnerability in one’s code and systems will be much lower than the cost to deal with the fallout of a ransomware attack.

Also bear in mind that setting and actioning prevention strategies is not just the responsibility of IT and security teams. It’s increasingly critical to deputize employees and create a culture where the workforce is security aware — one where employees feel ownership and agency over ensuring good outcomes and are empowered to report security concerns. Security culture eats security strategy for breakfast, and the security culture curated within a company will ultimately yield higher dividends for preventing attacks.

Prasad Ramakrishnan

Chief Information Officer, Freshworks

When it comes to ransomware, many leaders think, “that could never happen to me.” But those in cybersecurity know this old adage rings true: It’s not that you have not been breached; it’s just that you don’t know it yet.

Most organizations are reactive instead of proactive and retrofit their systems with tools instead of incorporating them from the beginning. Proactive cybersecurity measures should be built into the organizational design, and the first order of business is identifying the “crown jewels” for your organization — the most critical data that needs protecting.

From there, minimize risk with constant monitoring, training, containment planning, and cybersecurity insurance. I like to think of the analogy of taking someone’s temperature with a thermometer: your network is like “a body” that can become feverish at any moment, so you need security instruments to take the temperature and keep the sickness — whether visible or not — within manageable limits.

In security, that means performing frequent penetration tests, bug bounty schemes, and analyzing network traffic for unusual patterns.

But even the most secure organizations will receive ransomware threats, which is why it’s crucial to proactively inform customers, employees, and end users about what happened and what you’re doing in response.

Robert Blumofe

Chief Technology Officer and EVP, Akamai

Companies must internalize that there is no silver bullet for cyber threats — ransomware is here to stay. If anything, ransomware attacks are going to get more potent as attackers adopt AI. This means that organizations need to take a sober look at their security posture and make sure they have a comprehensive roadmap.

Doing the security basics — such as eliminating shared credentials, using multi-factor authentication (ideally without passwords), and limiting individual employee access to applications — and doing them very well, is step one. In many recent attacks, we learned that basic security practices have fallen by the wayside, which gives attackers the perfect opening to successfully execute a ransomware attack.

Further, as companies continue to manage ransomware threats, they must be aware of the benefits and limitations of AI. While AI, particularly deep learning, will always have a place in solving security challenges, organizations will be better served by ensuring any security solutions — AI-based or not — help them optimize the security basics with strong authentication and a zero-trust approach. This will continue to be the best way to protect assets from both the threats we know and new threats yet to come.

Jim Broome

President and CTO, DirectDefense

Organizations need to proactively prepare for potential ransomware and business email compromise attacks, as they routinely result in data exfiltration and further compromise into a victim environment. This starts with establishing a comprehensive incident response plan, outlining procedures for incident response, system restoration, and ongoing operations to mitigate the impact of security breaches.

The best thing companies can do is be prepared, and that means investing in upgrading legacy systems and ensuring all system software is patched through a vulnerability management program and implementing strong encryption and authentication mechanisms to strengthen security controls. This also entails crafting a thorough incident response plan, detailing steps for addressing incidents, restoring systems, and minimizing ongoing damage.

During this process, organizations should assess their external access vulnerabilities, particularly in poorly segmented networks with third-party integrations. Maintaining an updated inventory of third-party vendors aids in delineating responsibilities and contractual obligations if a ransomware event were to occur.

An effective incident response plan should align with the organization’s available resources and should be tested annually to reflect evolving threats and organizational changes. Testing plans through tabletop exercises is a great way to enhance your team’s readiness and response capabilities.

Phil Venables

CISO, Google Cloud

The advancements of ransomware and similar threats have forced security leaders to be more critical and mindful of their technology infrastructure. We’re constantly reminded that ransomware remains a serious security problem, and business leaders need to have a plan for addressing it before they become the next victim.

Strong cyber hygiene practices are key. Some immediate preventative next steps that organizations can take include:

  • Making sure access is strongly authenticated (and moving beyond passwords as the sole means of authentication)
  • Making sure that all systems are patched and up to date
  • Limiting the number of people with the highest privileges
  • Making sure backups are in place, and that these backups are regularly tested for effectiveness under a ransomware scenario
  • Putting multilayered controls in place across both on-premises and cloud environments

However, prevention is only just the start. As a next step, leaders should focus on building resiliency. This includes preparing for the aftermath of a ransomware attack by having the right resources to rebuild infrastructure and restore data and services. By prioritizing both prevention and resilience, companies can significantly reduce the risk of a successful ransomware attack and minimize the impact if one does occur.

Vishaal "V8" Hariprasad

CEO & Co-founder, Resilience

Successfully managing ransomware threats requires a fundamental rethinking of risk. Enterprises shouldn’t just be asking themselves, “Will we be a victim of a ransomware attack?” but rather, “Assuming that an attack is inevitable, what is our risk tolerance, and how does that tolerance affect our prevention and response strategies?”

Hackers are getting smarter and they are getting better at automating their attacks. Companies can’t keep up. Rather than merely managing the threats as they come, companies should adopt a proactive, holistic approach to risk management — enabling them to bounce back faster. This approach requires two key steps.

First, companies must break down existing silos between the cybersecurity, finance, and risk management departments. All relevant players should be in the room for cyber hygiene planning. Otherwise, they’ll be unable to effectively communicate and collaborate.

Second, companies must open up key lines of communication with law enforcement (including CISA and the SEC) as well as insurers. Gaining familiarity with these channels, and the procedures in place for attacks, can lead to better data sharing and transparency that will help inform broader industry responses in the future.
