The U.S. has recently introduced legislation in the form of a bill (the ‘Ransom Disclosure Act’) that would require organizations to disclose ransomware payments, to help understand the size and currency of those payments.
The legislation was introduced in October 2021 by Senator Elizabeth Warren (D-Massachusetts) in the Senate and Representative Deborah Ross (D-North Carolina) in the House.
The bill comes as the Biden government is becoming more serious about the scope and severity of the threat. As an example, between 2019 and 2020 ransomware attacks rose by 62 percent worldwide and by 158 percent in North America alone.
The primary risk is to organizations with outdated cybersecurity frameworks and networks, which provide hackers with easier access and the opportunity to move laterally in order to find valuable data after they establish a foothold in the network.
So what can businesses in this predicament do about this?
According to Mary Roark, VP of cybersecurity strategy at Accedian, ransomware vulnerabilities affect multiple industries. However, common strategies can be adopted by businesses in order to strengthen their cybersecurity.
According to Roark, the fundamental flaw within any large organization lies with its human resources. Roark says: “The human element remains the weakest link when it comes to preventing ransomware attacks.”
It appears that data is under constant attack from advanced adversaries and threats evolving at a pace that traditional security approaches are seemingly failing to protect against.
This is because, in Roark's words: “Organizations can spend a lot of money and time implementing cybersecurity measures, but it only takes one mistake from an employee to cause a domino effect on the whole company.”
However, the human factors approach can assist in developing systems that can counteract the human weaknesses. Roark observes: “With this in mind, organizations need to stop and rethink about employee behaviors, and teach employees the warning signals of cybersecurity attacks and limit access to data and systems.”
Human error covers a vast range of actions, from downloading a malware-infected attachment to failing to use a strong password. This variation makes pinpointing the human factors challenging.
This approach can pay dividends. Roark says: “In doing so, companies can ‘keep doors closed’ to high-value data and systems, and audit access frequently to prevent privileged access creep.”
