CIO Roundtable: How US states and Canadian provinces can actually build resilience with effective ransomware response

The frequency and impact of ransomware attacks continue to increase

Most state and provincial government organizations will experience ransomware incidents in the next 24 months, some even more than once. You will never have a better chance to implement best-practice security controls than you do now.

Resilient government entities are not impervious to attack, but they have tools to protect assets, detect incursions, and respond effectively.

Discuss ransomware response now

  • Hackers need to spend less time in discovery before they deploy an attack and have become much more effective.
  • You can’t just rely on your ability to respond and recover but need to build a resilient organization that can withstand a ransomware event and recover quickly.
  • It takes time, planning, and help from people around you to overcome challenges.

There’s a distinct path to being resilient

Join our leading experts for practical guidance:

  • Understand how to build a resilient entity that can withstand a ransomware event and recover quickly.
  • Explore strategies and tools to protect assets, detect incursions, and respond effectively.
  • Learn from peers about the challenges they face in building resiliency and how to overcome them.

Build Ransomware Resilience

Prevent ransomware incursions and defend against ransomware attacks.

Your Challenge

Ransomware is a high-profile threat that demands immediate attention:

  • Sophisticated ransomware attacks are on the rise and evolving quickly.
  • Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in only a few hours, which makes recovery a grueling challenge.
  • Executives want reassurance but aren't ready to write a blank check. Improvements must be targeted and justified.

Common Obstacles

Ransomware is more complex than other security threats:

  • Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
  • Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
  • Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.

Info-Tech's Approach

To prevent a ransomware attack:

  • Conduct a thorough assessment of your current state, identify potential gaps, and assess the possible outcomes of an attack.
  • Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection to reduce your attack surface.
  • Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.

Info-Tech Insight

"Resilience is not a trampoline, where you’re down one moment and up the next. It’s more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges. Focus on what is in your organization’s control, and cultivate strengths that allow you to protect assets, detect incursions, respond effectively, and recover quickly."

Ransomware attacks are on the rise and evolving quickly.

Three factors contribute to the threat:

  • The rise of ransomware-as-a-service, which facilitates attacks.
  • The rise of cryptocurrency, which facilitates anonymous payment.
  • State sponsorship of cybercrime.

Elementus maps ransomware payments made through bitcoin. Since 2019, victims made at least $2B in payments.

A handful of criminal organizations, many of which operate out of cybercrime hotbeds in Russia, are responsible for most of the damage. The numbers capture only the ransom paid, not the clean-up cost and economic fallout from attacks during this period.

Total ransom money collected (2015-2021): USD 2,592,889,121

The frequency and impact of ransomware attacks are increasing

Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in only a few hours, which makes recovery a grueling challenge.

Sophos commissioned a vendor-agnostic study of the real-world experience of 5,600 IT professionals in mid-sized organizations across 31 countries and 15 industries.

The survey was conducted in January to February 2022 and asked about the experience of respondents over the previous year.

  • 66% Hit by ransomware in 2021 (up from 37% in 2020)
  • 90% Ransomware attack affected their ability to operate
  • USD 812,360 Average ransom payment
  • $4.54M Average remediation cost (not including ransom)
  • 1 Month Average recovery time

Meanwhile, organizations continue to put their faith in ineffective ransomware defenses.

Of the respondents whose organizations weren’t hit by ransomware in 2021 and don’t expect to be hit in the future, 72% cited either backups or cyberinsurance as reasons why they did not anticipate an attack.

While these elements can help recover from an attack, they don’t prevent it in the first place.

Sources: Sophos, State of Ransomware (2022); IBM, Cost of a Data Breach (2022)

Info-Tech’s ransomware resilience framework

Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.

Prioritize protection

Put controls in place to harden your environment, train savvy end users, and prevent incursions.

Support recovery

Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.

  • Threat preparedness: Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.
  • Awareness and training: Develop security awareness content and provide cybersecurity and resilience training to employees, contractors, and third parties.
  • Perimeter security: Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.
  • Respond and recover: Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.
  • Access management: Review the user access management program, policies, and procedures to ensure they are ransomware-ready.
  • Vulnerability management: Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.

Guest Speakers

Bob Smock

Vice President, Consulting

Neal Rosenblatt

Principal Research Director

Christine Coz

Senior Director

Tom Hawley

Managing Partner II

Featured Speaker

Cole Cioran

Managing Partner