Held for Ransom, the Latest Cybersecurity Threat
Abstract
The year 2016 saw the emergence of a new cybersecurity threat called ransomware. This form of malware continues to raise challenges to protecting the security and integrity of data in all organizations. In many instances, employees within the organization unknowingly permit access to outsiders who then gain control over the data sources and demand payment of money to release the data. This paper addresses ways organizations can resist, detect, and respond to ransomware attacks.
As more and more organizations face the consequences of ransomware attacks, one thing stands clear: they are not prepared. They are not prepared to identify potential threats, to protect against or detect unwanted access, or to carry out adequate response and recovery protocols. Following a framework to prepare for such attacks, such as the NIST (National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity, can reduce their incidence or, at the least, their impact.
This paper identifies the most common weaknesses and threats arising from ransomware attacks. The discussion includes an investigation of the existing security controls and their enforcement, the access to rapid and effective recovery of lost data through back-up systems, protocols for recovery from attacks, and coverage provided by third-party insurers. Important to this discussion is the recognition that ransomware is only the latest malware attack, and these mitigation approaches may prepare organizations for the “next” form of attack. This suggests that organizations must remain vigilant, but also agile, in their efforts to protect themselves.
Examples and suggestions for ways to detect and protect the organization’s data and systems will be provided. Key areas will include sources of security breaches and a checklist of methods to mitigate the risks.
Authors
Elizabeth Lowry
(Bon Secours Health System, Inc.)
Topic Area
Topics: Accounting, Business Ethics, Business Law, Information Privacy & Security
Session
AC3 » Data Security/AIS (15:00 - Thursday, 23rd February, Wraggborough)
Paper
Held_for_ransom_the_latest_cybersecurity_risk.pdf
Presentation Files
The presenter has not uploaded any presentation files.