With ransomware evolving at a rapid pace, ransoms increasing, and organizations still becoming victims, what’s the answer to stop ransomware once and for all?
The last 12 months of ransomware attacks have been one long string of sequential stories with outcomes no one would have ever believed – from increases in attack frequency of more than 700% in some verticals, to ransoms of $34 million, the ransomware saga as it were feels a bit like the price of Bitcoin – everyday there’s a new story that makes you say “NO WAY!”
It feels a lot like there’s no answer to this problem.
It’s such a huge issue that The Institute for Security and Technology (IST) recently announced they were launching a Ransomware Task Force with founding partners that include Microsoft, McAfee, and Rapid7 who intend to “assess existing solutions at varying levels of the ransomware kill chain, identify gaps in solution application, and create a roadmap of concrete objectives and actionable milestones for high-level decision-makers.”
With ransomware attacks still happening en masse, it appears that the answer is not going to solely rely on security solutions; the bad guys are improving their evasion and obfuscation skills daily, growing more and more focused on collecting larger and larger ransoms.
I’m hoping the task force will be including the use of Security Awareness Training – with phishing now being one of the primary initial attack vectors, our data has shown that organizations who have instituted this kind of training achieve a 87.5% reduction in the phishing threat surface – in layman’s terms, users are 87.5% less likely to click on a phishing email.
This may very well *be* the answer the Ransomware Task Force is looking for – or at least part of it. We’ll see what they come up with and report it here.