Threat Intelligence & Ransomware
Colonial Pipeline. JBS Foods. Washington DC Metropolitan Police Department.
Ransomware doesn't play favorites. It strikes every industry around the world. According to the Checkpoint Software Security Report 2021, attacks targeting healthcare facilities, medical institutions, and pharma research centers were executed at an unprecedented rate in 2020, with healthcare being the most targeted industry in the U.S., with a 71 percent increase in attacks in October 2020 compared to September 2020. In November and December 2020 alone, attacks targeting healthcare organizations increased by 45 percent, double the increase of attacks seen in the same time period across all industry sectors (22 percent).
Unfortunately ransomware is an extremely lucrative business for cyber criminals. It’s estimated that ransomware cost businesses $20 billion in 2020, nearly double what it was in 2019 ($11.5 billion). In 2020, the average ransom paid by mid-sized organizations was $170,404. However, the average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc. was $1.85 million. (Sophos The State of Ransomware 2021).
Ransomware's effects can be felt long after any money exchanges hands. On average, organizations that paid the ransom got back only 65 percent of their encrypted files, leaving over one-third of their data inaccessible. Twenty-nine percent of respondents reported that no more than half of their files were restored, and only 8 percent got all their data back. (Sophos The State of Ransomware 2021).
Furthermore, there’s a new chapter in the ubiquitous story of ransomware that involves an evolution from data encryption to incorporating new methods of extortion. This carries critical consequences for organizations' operations, reputation, and competitive advantage. This threat cannot be stopped using a traditional data backup process, and it extends beyond an organization’s perimeter to their critical third-party ecosystem. Extortionware is ransomware 2.0.
In order to fight these threats, companies need a methodology that combines a wide range of security safeguards with a modern approach to third-party cyber risk management, including threat intelligence and comprehensive data analytic capabilities. Having complete visibility into the security postures of an entire vendor ecosystem is the key to combating the weaponizing of data.
Framework Mapper: Ransomware Threat Profile
CyberGRX’s Framework Mapper allows you to map our award-winning assessment back to both custom and industry frameworks to instantly gain visibility into controls coverage, measure data protection policies and standards of third parties, and drive remediation workflows. Our team of cybersecurity professionals are continuously adding threat profiles, ensuring users always have complete visibility into the cyber risk presented by their third parties, giving them the tools they need in order to remain cyber certain against even the newest cyber threats.
In response to the increase in ransomeware incidents, we've added the Ransomware Threat Profile which allows a company to pull a report for individual third parties to view their coverage of 124 controls that have specifically been identified as critical to ransomware protection by MITRE®.
CyberGRX examined tactics and techniques from over 160 use cases, including 49 ransomware attacks, in order to identify 124 primary controls needed to detect, prevent, and mitigate the threat of ransomware. In line with our other threat profiles (CodeCov, Accelion, SolarGate, etc.), this new threat profile provides a view of how the third party rates against each identified control. Companies can filter by those controls that are missing/absent and follow up with the third party to request remediation.
In order to utilize this new threat profile, users simply need to access the Framework Mapper from a third-party's assessment page on the CyberGRX dashboard, and select Ransomware Threat Profile from the drop-down menu.
If you're a member of the CyberGRX Exchange and have questions about the new Ransomware Threat Profile, your CSM can assist you. If you're looking to take a modern, data-driven approach to third-party cyber risk management, one of our team members can work with you to determine the best strategy to keep your organization safe.
Contact CyberGRX today for a demo to see for yourself how a TPCRM platform can streamline your organization’s new vendor onboarding processes.