What ransomware challenges are on the horizon?

vCISO and COO in Software, 3 years ago

I hold a ransomware round table every month and nobody agrees on what the best solution is, which is probably because there isn't one. It’s more likely that the resolution will be a multi-tiered approach. Solutions from major cybersecurity companies are getting better, but only slightly. They’ll make minor improvements, but they don't solve the problem.

I’ve heard folks debate automation as a solution. Some people think we need automated systems looking at screens rather than SOC analysts, because they do it a lot better than humans can. I agree with that in part, but we can't automate everything because we're not quite there yet. We still have the old threats. We can automate new threats and find those, but we still have to hunt for the old ones that still exist in our environment.

2 Replies
no title, 3 years ago

Once we're able to fully automate it, we'll be more worried about Skynet then.

no title, 3 years ago

I have a threat hunting team as part of my organization and this has been a classic problem for years, even in previous careers. You find hygiene issues more than you find actual threats. You find things that look worse than they are just because somebody had been doing something stupid for however long.

Founder/Chairman/CTO in Telecommunication, 3 years ago

It's the adversary’s job to figure out what to do next to get what they want, which is how they stay in business. When you think about it through that lens, it's a competition of creative forces: bad actors compete to get an outcome on their side, while we compete to prevent it. Ransomware is not going away. I pay close attention when there's a major strategic shift in what motivates the adversary. Shifts in tactics, techniques and procedures (TTPs) are predictive of what's coming next.
