Skip to main content
close search
site logo

3 tactics shaping ransomware mitigation in 2022

Though businesses have become more confident in preventing ransomware attacks, confronting risk is an internal commitment.

Published Jan. 31, 2022
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
vchal via Getty Images

The tenor for ransomware threats changed as attacks flipped from delivering ransomware through consumer-targeted spam to spreading across networks. The threat of extortion and data exfiltration has yet to wane. 

More than half of CISOs said they were hit by ransomware at least once in 2021, according to a Black Kite-sponsored survey of 250 CISOs. More than two-thirds expect at least one ransomware attack this year. 

Though business leaders are more confident employing tactics to prevent ransomware attacks, confronting risk requires an internal commitment starting from the C-suite down to interns. "Businesses must take acceptable and calculated risks each day — the same applies to cybersecurity," said Theo Zafirakos, CISO of Terranova Security. 

As 2022 unfolds, here are three ransomware mitigation tactics to watch and employ: 

Train, train and train again

Whether negligent or malicious, insider threats are a leading cause of security incidents. Leveraging human behavior is a favored tactic for threat actors, especially when they find loopholes in technological safeguards. 

Companies will continue to invest in their employees, working to evolve  their behaviors to become more cyber-aware.  

"To succeed, organizations must invest in processes and people," said Zafirakos. Companies have put more resources toward training employees on ransomware awareness. This includes ensuring employees know how to report suspicious messages. 

Back to basics

Despite the growing sophistication of ransomware, security controls largely remain within security basics, no matter the tools a company adds. 

Up against more security measures, threat actors pivoted their tactics to turning off mitigation capabilities to deploy ransomware, said Jon Clay, vice president of threat intelligence at Trend Micro.  

This means the security basics have had some modifications. Companies are implementing multifactor authentication for administrative accounts and mission-critical business application accounts. Companies are revisiting patch management strategies so they're based on risk, which takes into account "any vulnerabilities with public proof of concepts and any actively exploited vulnerabilities being patched at once," Clay said. 

Vulnerabilities from ProxyLogon, ProxyShell and PrintNightmare drew ransomware actors last year, according to research from Tenable. Basic VPN vulnerabilities remained a top attack vector, with the potential to linger as forgotten flaws among other highly publicized vulnerabilities disclosed and exploited last year. 

Funds might be recovered

U.S. and international law enforcement pursued one of the most prolific ransomware gangs, REvil last year, and partially recovered funds paid by Colonial Pipeline. Law enforcement will likely become more intertwined in incident response for businesses this year. 

"In fact, this will be the theme for the rest of the decade," said Zafirakos. And given the onslaught of high-profile attacks lately, "the stigma of being victim to ransomware has reduced." 

Industry wants to see more action taken against cybercriminals or nation-state threats, but "they fail in their general deterrence effect to the cybercriminal undergrounds from which they operate," said Ed Cabrera, chief cybersecurity officer at Trend Micro and former CISO of the U.S. Secret Service. This is most obvious in the constant rebranding of threat groups.  

"This is not to say [law enforcement] operations are futile or not effective but rather incredibly effective in developing criminal threat intelligence across the broader criminal underground ecosystem," he said. 

Companies are not federally required to report incidents, which leaves gaps in intelligence for law enforcement agencies. "The vast majority of incident reporting today happens due to legal and regulatory requirements rather than the idea that law enforcement can immediately assist in mitigation," Cabrera said. 

Moving forward, industry wants more collaboration with regulatory agencies in developing realistic cybersecurity mandates. Government needs more insight into how regulations could impact businesses. 

For example, "requiring organizations to disclose an attack before they have a better understanding of the situation may put their networks at risk of other attackers targeting them," said Clay. 

Recommended Reading

Filed Under: Threats

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Threats
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell