In early March, the SANS Institute, whose mission is to empower cybersecurity professionals with the practical skills and knowledge to make the world a safer place, shared some insightful findings based on their survey on ransomware and malware intrusions in 2022. The survey included participants in various roles and industries from organizations worldwide of all sizes.
“In this survey, we wanted to understand what the past year looked like for our respondents. Taking an incident response (IR) viewpoint on malware and ransomware intrusions, our survey focused on key points in the investigation lifecycle, and how our various teams dealt with the challenges they faced,” explained the SANS Institute.
To help organizations better understand and prepare for ransomware and malware threats they face in 2023, SecurityScorecard is sharing our main takeaways from the SANS Institute survey:
1. Most organizations expect to be targeted by threat actors
79% of respondents felt that their organization was actively targeted by ransomware threat actors in 2022. These concerns are understandable, considering that the majority (87.4%) of organizations in the survey responded to at least one security incident in 2022.
Source: The SANS Institute
There are several reasons why 21% of respondents may not feel targeted by threat actors. Some reasons are legitimate; they may be in an industry that is statistically less likely to be a major target. Others are less legitimate and even approach wishful thinking. For example, they may believe that threat actors won’t target them again after they’ve already suffered a breach.
SecurityScorecard urges every organization, regardless of size or industry, to take preventive steps against ransomware and other malware attacks.
2. Establishing an incident response plan was a top priority for security teams
A very positive sign from this survey is that organizations are actively taking steps to bolster their cyber resilience through various security initiatives.
A notably large portion of participants appear to have prioritized implementing incident response capabilities: 81.2% of respondents said they’d established an incident response plan, while 35.4% said they’d hired an incident response firm on a retainer.
During a breach, fast and coordinated action is of the utmost importance. Having an incident response plan or a team of experts at your disposal will significantly improve your chances of a fast recovery and minimal system downtime.
Establishing clear communication channels between members of the incident response team and key stakeholders is essential for effective incident response. A well-designed communication plan specifies who needs to be notified during an incident, the timing of notifications, and the methods of maintaining communication across departments.
Tabletop exercises are an excellent way to design a well-thought-out incident response plan. Tabletop exercises are informal, discussion-based simulations to help organizations identify gaps in their current incident response program. They simulate a cyber event or incident and stress-test an organization’s response policy, plan, and procedures to assess effectiveness within its business units.
For additional insights on building an effective incident response plan, please read this framework from the National Institute of Standards and Technology (NIST).
3. Nearly half of participants acquired cyber insurance
Acquiring cyber insurance was a popular measure taken by survey participants to mitigate the risk of ransomware.
Insurance is a somewhat delicate issue when it comes to cyber. On one hand, insurers are facing increasing challenges of more sophisticated threat actors, having to raise premiums, increase underwriting standards, and reduce available coverage. On the other, insurers know that cyber is a big pain point for many of their customers, so they’re reluctant to exit this market.
Insurance is a necessary component of a healthy risk management program. The problems arise when organizations that have cyber insurance forego other essential preventive steps, thinking that they’re fully covered if the worst happens.
That line of thinking made sense a couple of years ago when cyber insurance would cover the cost of paying the ransom to decrypt your environment in case of a ransomware attack. However, cyber insurance premiums increased by 185% from 2020 to 2022. Although premiums appear to be flattening in 2023, strict underwriting and coverage constraints still remain as a result.
Before diving headfirst into a cyber insurance policy, ask questions like
- What are the requirements to obtain coverage?
- What kind of incidents are covered?
- What is the deductible and maximum coverage amount?
- How is the premium calculated? How can you reduce its cost?
- Does it cover digital forensics and incident response, etc.?
4. The role of cyber threat intelligence
Proactively discovering active and emerging threats before an organization faces them significantly boosts cyber resilience. Thus, we are glad to see that 46% of survey participants are likely to invest in threat intelligence subscriptions. Threat intel provides organizations with deep intelligence on possible risks and threats, arming them with actionable insights and data to prevent cyber attacks.
Threat intelligence is the collection and analysis of information regarding potential or actual cyber threats to an organization that are not typically detected by internal security controls. Such information includes: leaked credentials (username/password combinations) and personally identifiable information (PII), imposter domains, and social media and hacker forum chatter. SecurityScorecard can complement these traditional threat intelligence data sources with unique insights derived from the data that powers our ratings platform and Attack Surface Intelligence tool.
You can read a SecurityScorecard Cyber Risk Intelligence (CRI) example report here.
The effectiveness of cyber threat intelligence is also visible in this survey, as 13% of the respondents that suffered a breach said they used threat intelligence to detect the incident.
SecurityScorecard is an all-in-one solution to protect against ransomware and other threats
Ransomware and malware threats aren’t going anywhere in 2023. Intelligent and effective security investments are necessary to protect the integrity and stability of your organization. SecurityScorecard helps you streamline your security program, from incident prevention measures to effective remediation and recovery.
SecurityScorecard’s Incident Response solutions enable you to take immediate action towards remediating incidents and mitigating risk. Our incident response capabilities include intelligence on advanced hacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IOCs) that are unavailable to every Incident Response provider.
Delivered by the SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement(STRIKE) team, Cyber Risk Intelligence (CRI) combines expert-led human analysis with deep and dark intelligence sources to deliver customized and actionable reports to reduce an organization’s cyber risk exposure.
Speak with an expert to understand the full scope of our solutions, catered to your specific needs.