Whether it’s a mental health clinic in Tulsa, a school in England, a meat company in Australia or an oil pipeline in the southeast United States, ransomware attacks have dominated recent headlines. These attacks can cost organizations billions of dollars in ransom and lost income, not to mention the risk to human lives.
In a ransomware attack, cyber extortionists deploy malicious software to infiltrate computer systems and encrypt data, holding it hostage until the victim pays a ransom. Ransomware can have an even bigger impact on an organization than a data breach, but Gartner research estimates that more than 90% of ransomware attacks are preventable.
Download now: The IT Roadmap for Cybersecurity
How organizations think about ransomware and cybersecurity will play an increasingly vital role in business and productivity.
This roundup of recent Gartner articles on cybersecurity offers guidance on ransomware, building a robust security and risk program, and insight into questions from the board.
6 Ways to Defend Against a Ransomware Attack
Many organizations end up paying massive amounts of money to their attackers, often through cyberinsurance protection, but the long-term effect is likely to be more ransomware attacks. Instead of building ransomware payments into the budget, organizations should focus on preparation and early mitigation. CISOs and security leaders can focus on six actions — from conducting initial ransomware assessments to enforcing governance and educating users on ransomware response actions. Read article.
Develop a Security Strategy for Cyber-Physical Systems
Unlike other types of attacks, ransomware targets physical operations, which means organizations need to think differently about risk and security. In a recent Gartner survey, security and risk leaders ranked the Internet of Things (IoT) and cyber-physical systems as their top concerns for the next three to five years. Although attacks on cyber-physical systems are not a new idea, attackers can now use ransomware to halt logistics operations and disrupt physical production. In this mindset, technologies like drones, smart grids and autonomous vehicles become dangerous targets. Read article.
Gartner Top Security and Risk Trends for 2021
Building a robust security ecosystem is vital for organizations in the era of accelerating digital business. From cybersecurity mesh to cyber-savvy boards to breach and attack simulation and vendor consolidation, each security risk represents a strategic shift in the security world that will have broad industry impact and significant potential for disruption. Read article.
5 Security Questions Your Board Will Inevitably Ask
“But how did this happen?” is just one of a million questions CISOs and security leaders will hear after informing the board of a breach or attack. Boards are increasingly savvy about cybersecurity risks, and directors recognize how important security and risk strategy is to ensuring that the business functions properly. As billion-dollar ransomware stories pile up in the news, these conversations become even more important. CISOs need to be prepared for questions they will inevitably have to answer. Read article.
3 Ways to Gain Support for Your Security Awareness Training Program
In terms of ensuring that a cybersecurity incident doesn’t happen, it’s key that organizations have an effective security awareness program with executive support. As attacks become more sophisticated, and their consequences more dire, the easier path is to focus on mitigation and security training. To be successful, security awareness programs require executive support. It’s easy to ignore another email from the security and risk team, but if the CEO emphasizes the importance of a training session, people are more apt to attend and listen. Read article.