The vast majority (86.7%) of C-suite and other executives have said they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll.
The Big Four firm also found that while 64.8% of polled executives said that ransomware is a cyber threat “posing major concern” to their organizations over the next 12 months, only 33.3% have simulated ransomware attacks to prepare for such an incident.
Kieran Norton, Deloitte Risk and Financial Advisory’s infrastructure security solution leader and principal, Deloitte & Touche LLP, said: “Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness.
“Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response.”
Norton suggested that business leaders ask specific questions designed to probe the depth of the cyber program’s ransomware detection, prevention and response capabilities:
- Does our organization’s cyber incident response plan address ransomware attacks specifically?
- Has our organization considered adopting Zero Trust to help bolster cybersecurity against ransomware and other threats?
- Does our organization fully appreciate how ransomware attackers could exploit our use of emerging technologies to propagate attacks?
- Are we leveraging emerging technologies to better protect our organization from those threats?
- How does our organization test for ransomware vulnerabilities?
- Does our organization conduct threat hunting to help manage ransomware risk?
Curt Aubley, Deloitte Risk and Financial Advisory detect and respond practice leader and managing director, Deloitte & Touche, added: “Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks.
“As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There’s no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events.”