CISOs on Advanced Threats: How do we Respond to Rising Cybersecurity Stakes?
Cybercriminals have been launching attacks against our people, networks, and services for decades with varying success. So, the need to realign our defences to meet the demands of evolving threats is nothing new.
But with access to masses of corporate and personal data, and increasingly powerful tools at their disposal, the threats levelled by today's cybercriminals are more devastating than anything that has come before.
Whether focusing their crosshairs on critical infrastructure or amping up traditional threats like ransomware, threat actors are increasingly out to inflict maximum damage. With the stakes this high, CISOs can waste no time building defences capable of detecting and deterring these blockbuster attacks.
Ransomware has been a thorn in the side of CISOs for years with its all-too-easy ability to encrypt critical data, disrupt vital services, and wipe out entire operational systems.
However, while potentially devastating, traditional scattergun ransomware at least offered a relatively simple solution—pay the ransom or restore from backups. Unfortunately, in these days of big-ticket attacks, this is no longer an option for most.
Modern ransomware 2.0 is far more targeted and methodical. Now, cybercriminals will compromise an individual endpoint, enter networks, and attempt to evade detection. From here, they can escalate their privileges, identify sensitive information, exfiltrate data, and poison backups before finally setting the trap of ransomware.
When the trap is sprung, the victim's options are limited. With backups compromised, paying a ransom can feel like the only recourse. But with sensitive data already breached, even doing so is no guarantee of escaping unscathed.
Such is the recent epidemic of ransomware that some CISOs are advising organisations to adopt a breach mindset—assume that you will fall victim to an attack and start planning your recovery. In a recent episode of the CISO Voices podcast, leading fintech CISO Todd Wade said:
"There is no shame to these individuals. When they hit you, they want to go for maximum damage.... So, you have to assume you're going to be hit with ransomware. The question is, how fast can you recover? How resilient are you?"
Protecting critical infrastructure
As well as increasing the potency of their attacks, modern cybercriminals are also more often targeting high-profile critical infrastructure, such as healthcare.
Thanks to masses of sensitive data, a patchwork of new and legacy systems and a need for uninterrupted service, the healthcare industry has been in the sights of threat actors for some time.
But an increased appetite for attacks on public services, overstretched resources, and the lasting disruption of the pandemic have combined to make them even more vulnerable.
Kate Mullin, CISO at the Cancer Treatment Centers of America, who also took part in the CISO Voices podcast series, says the situation is worse than ever before.
“Ransomware attacks in the healthcare industry have gone up significantly. And my biggest concern is that ransomware can adversely impact your ability to deliver oncology care to patients. Many patients can't start over if there is a disruption in their care, which to me, is tragic.
At the same time, we're dealing with COVID, technology problems with third-party vendors, and the effects of the Russian conflict due to the need for drugs made up of chemicals that come out of Ukraine… But the bad guys don't care."
The healthcare industry cannot afford inaction against such sophisticated and remorseless attacks. As well as bolstering defences with tools and protocols, CISOs must work with the board to implement security awareness initiatives. Kate adds:
"Everyone in IT needs to learn information security skills. And everyone is in IT. If you are loading apps onto your phone, you're in IT. If you have children, you're in IT. If you're working from home, you're definitely in IT.
Every member of the workforce needs to know what it means to patch computers, what a VPN is and why we use them, and so on. And we, as cybersecurity professionals, need to get better at communicating what they need to know."
Want to hear more?
To hear from Kate, Todd, and other CISOs in their own words, listen to the six-episode CISO Voices podcast series. Or, for more cybersecurity research, insights, and resources, head over to Proofpoint's dedicated CISO Hub.