Total Security Advisor
Practical Security Tips, News & Advice.
Updated: Oct 7, 2022
In May 2021, the United States was stunned by a ransomware attack on the Colonial Pipeline that brought fuel delivery on the East Coast to a standstill. While this attack shed light on the long-standing digital vulnerabilities in the country’s critical infrastructure, ransomware has always been quietly pummeling small and midsize American businesses.
In 2021, crypto analysis firm Chainalysis estimated that victims of ransomware paid over $692 million dollars in extortion payments. This marked a 70% increase from the previous worst year on record (2020), and it only tells half the story. Analysis from cyber insurance claims shows that as frustrating as it is to pay criminals to restore critical data, the cost to the business is significantly worse.
Data from insurance broker AON projected that business costs from ransomware attacks in 2021 would top $20 billion. Worse, 70% of ransomware victims are small to midsize enterprises (SMEs) with less than 500 employees. This is a sweet spot for criminals because these organizations—many of which are cities, hospitals, and school districts—can’t afford to shut down, but they also suffer the worst because they can’t afford the estimated 700,000 cybersecurity positions we see in other industries.
At Resilience, we are laser focused on these middle market organizations and see firsthand the pain enacted by this menacingly profitable form of cyber crime. For this reason, Resilience worked with over 40 partners—including Microsoft, the Cyber Threat Alliance, and the U.S. Department of Homeland Security—to launch the Ransomware Task Force in April 2021.
In its first report, the Ransomware Task Force called for the cybersecurity community to “develop a clear, actionable framework for ransomware mitigation, response, and recovery.” This call was the driving force for the newly released Blueprint for Ransomware Defense, a set of well-regarded and widely used best practices that help enterprises focus their resources on the critical actions needed to defend against most common cyberattacks.
The Task Force built the Blueprint to advise the SMEs that comprise most of the targeted organizations. It prioritizes security controls that help build resilience to ransomware and are affordable and accessible for SMEs.
The Task Force also designed the Blueprint to equip security leaders with language they can use with non-technical executives, templates for incident response planning, and common vendor examples for each control.
Resilience contributed its firsthand experience in technical analysis of ransomware incidents from its underwriting experience and modeling of which security controls were most effective at reducing overall response costs. When underwriting accounts for ransomware risk exposure, some of the controls considered include:
While none of this is earth-shattering to security professionals, we believe that the core value of the Blueprint lies in its ease of implantation by the partners that serve this highly targeted group of SMEs, including cloud providers, consultants, and managed service providers.
For those looking to support SMEs either internally or as a partner, the Blueprint prioritizes these controls along seven categories:
Know your environment: This includes Foundational Safeguards designed to help identify what systems are core to your business’ critical operations.
Secure Configurations: Protecting your environment begins with a strong configuration management process that determines how networks are architectured and governed.
Account & Access Management: Protects user accounts from being leveraged by a ransomware actor to gain access to critical or sensitive business data.
Vulnerability Management Planning: Protects by staying up to date with the nearly 18,000 vulnerabilities security researchers find every year.
Malware Defense: Protects endpoints from attacks that can give ransomware criminals access to users’ accounts and network privileges.
Security Awareness and Skill Training: Protects against human vulnerabilities to social engineering and phishing attacks.
Data Recovery & Incident Response: The last line of defense is the ability to recover from an attack by backing up critical data and practicing incident response efforts that restore data promptly.
Coming back from a successful attack without resorting to extortion payments or a complete overhaul of critical systems is the other half of a cyber-resilient mindset. Resilience believes the traditional cyber insurance market has to evolve from simply transferring financial burden of an incident toward using data and knowledge to increase the safety of customers. This virtuous cycle of security and insurance has been shown to reduce claims costs, increase patching cadence, and drive executive attention.
We feel bold enough to say the cyber resilience model must be the next insurance market evolution for this product. With the Ransomware Task Force Blueprint launch, we believe this is a concrete first step down that path and encourage you to join us.
Access the Blueprint for yourself here.
Davis Hake is the Co-Founder and Vice President of policy at Resilience. Prior to co-founding Resilience in 2017, Hake managed cybersecurity strategy for Palo Alto Networks, served on the National Security Council, and was a lead author of cybersecurity legislation in the U.S. Congress. Hake is an adjunct professor of risk management at the University of California, Berkeley, and is a term member of the Council on Foreign Relations. He holds a master’s in strategic security studies from the National Defense University and a bachelor’s in international relations and economics from the University of California, Davis.
Download this free report to learn seven steps to protect your facility from workplace violence.
This report is sponsored by the Total Security Summit, an event specifically organized for VPs, Directors, and Managers of Security who are directly concerned with their facility’s security and safety operations.
The Security Industry Association (SIA) announced a major milestone in its SIA OSDP Verified initiative – that over 100 device models have been named OSDP Verified through the comprehensive program, which validates device conformance to the SIA Open Supervised Device Protocol (OSDP) standard. SIA OSDP standard is an access control communications protocol standard maintained by SIA to improve interoperability, add […]
GXO Logistics, Inc., the world’s largest pure-play contract logistics provider, announced that it has deployed advanced air and ground security robotics at one of its major distribution centers in Clayton, Ind., and plans to significantly increase deployment of automated security systems across other sites within the next year. This would be the largest air and […]
The Security Industry Association (SIA) is pleased to announce the first members of its Utilities Advisory Board Steering Committee. SIA created the Utilities Advisory Board to offer insight and education to security practitioners, members of the security industry and other stakeholders about emerging security trends, regulatory compliance issues, and recommended practices for protecting utility infrastructure. The steering committee members, […]
SILVER SPRING, Md. – The Security Industry Association (SIA) has named Alice DiSanto the 2022 recipient of the SIA Committee Chair of the Year Award, which recognizes individuals for excellence in leading SIA committees and advancing member objectives. SIA will present DiSanto with the award at The Advance, SIA’s annual membership meeting, which will be held March 22 during […]
ISC West, in collaboration with premier sponsor Security Industry Association (SIA), continues to experience steady growth for the upcoming event, and will be taking place just less than two months away on March 22-25, 2022 at the Venetian Expo in Las Vegas (SIA Education@ISC: March 22-24 | Exhibit Hall: March 23-25). After initial reports of […]
Our world is full of threats both external and internal. This whitepaper encourages looking at life safety and security measures on your campus from another perspective. Most facilities have addressed access control and the securing of main doors, but those should be measures of last resort. There are steps you can take — some that you may not have considered — to mitigate the threat before it arrives at your front door.
The 2019 Total Security Salary Guide is here to help physical and technical security employers and employees understand where they stand in today’s security job market. This Salary Guide includes not only salary and wage data from 2017 to 2018, but also certification information as it applies to 20 benchmarked exempt and nonexempt security positions.
A proliferation of cameras has resulted in an overwhelming amount of video available to security operators, analysts and investigators. Technology that used to be prohibitively priced, is now cheap and readily accessible.
Learn how to protect your people, assets and physical spaces better with AI-powered solutions that deliver whole-building security.
