See below for a video and podcast version of the interview.
I spoke with Packetlabs CEO Richard Rogerson about one of the most challenging cybersecurity issues of our time: ransomware. We discussed trends in ransomware, including issues around buying insurance for attacks, and Rogerson provided his advice about combatting ransomware at the enterprise level.
When ransomware encrypts a company’s data, and increasingly steals it as well, it can immobilize operations. The attackers demand a large payment, which creates an exceptionally difficult issue: should we pay the ransom? What is the best course of action?
To boost cybersecurity, Packetlabs offers penetration testing. Companies hire Packetlabs to attempt to compromise their security defenses. Afterward, Packetlabs outlines the weaknesses it found and the priority in which they should be remediated. So Rogerson and his team are exceptionally well versed in today’s enterprise IT security.
Ransomware Insurance: Getting Tougher All the Time
Clearly, the question of whether to purchase ransomware insurance can be challenging. Executives need to weigh the issue from a number of different perspectives.
“So having insurance coverage, it used to be a simple question of: have you been breached yet?” Rogerson said. “And how many employees do you have? And that’s how the cyber insurance providers were doing that check.
“Well, now it’s a five-page double-sided question and answer, multiple choice, and it just keeps going. There are a lot of controls they’re looking at. And the problem is that, in cyber, they don’t have actuarial data as they do, for instance, in the auto insurance industry.”
Without this actuarial data, the insurers were in essence flying blind.
“In cyber, it was almost like [the insurance companies] were writing the blank check: ‘how many employees do you have and have you ever been breached?’ And we’ve gotten into the sticky situation where the insurance providers, not all of them, but some of them, were actually preferring to pay out the ransom than to restore. Because it’s more expensive to do the full rebuild from the ground up than it would be to pay the ransom.”
Gaming the System
Not surprisingly, the ransomware gangs figured out how to game the system, and started setting their ransom demands accordingly: low enough that paying stays cheaper for the insurer than a full rebuild.
“This has obviously fueled a wave of ransomware,” Rogerson said. “And a lot of companies, they struggle with, how do you solve this problem? Do you wait to get hit or do you buy insurance?
The best solution, of course, is to build a strong defense.
“And it’s always a tricky thing, but what it comes down to is, you have to drill into your network and understand your network from an attacker’s perspective. You have to think like an attacker in order to understand what controls you should have in place.”
Building a defense that actually holds up isn’t easy. It requires poking and prodding your network – using pen testing – to find weaknesses an attacker would exploit, and then putting the needed security controls in place.
Employee Cyber Training: Constant Fire Drills
Companies, of course, hope that cybersecurity advances to the point that ransomware is a thing of the past. They dream of simply purchasing good security software and then crossing ransomware off their list of worries.
Rogerson is skeptical that this happy day will ever arrive. The problem? “It comes down to the human element. You have a number of security controls, but if you’re not testing and verifying and having all these other processes in place, those mistakes will happen. Even with the most secure companies, the human element is still there.
“So I don’t know that there’s anything outside of going through an exercise consistently to really prepare your team for an incident. Everybody needs to always test and verify.”
Think of this testing like a fire drill, he said. “In the early days when we didn’t run fire drills, it was chaos. We didn’t know what doors to go out, we didn’t know what to do. But when you go through the process of running simulated drills, you have an opportunity to reduce the potential for anything like this happening.”
Future of Cybersecurity: Again, Constant Testing
The question on the minds of many executives is: how can we prepare for the future of cybersecurity now?
Ransomware is “definitely going to be on the rise,” he said. “We’re already seeing a remarkable uptick in the amount of attacks, and the number of clients who are being impacted by ransomware. This trend will continue – the whole ‘cash for data’ kind of attack.”
Companies need to be intensely focused on improving their network security.
“How do we test but verify that we have the right controls in place? A lot of that comes down to going through a simulated exercise to understand what you would do in a breach. Sometimes it ends up being a tabletop exercise. Sometimes it’s a ‘red team’ style exercise to demonstrate how far you could get.”
In any case, companies need to consistently – and constantly – test their defenses. And again, he stressed that the core of a good defense is training staff. “What it comes down to is, we have to train our people,” he said. “That’s going to continue to be a common theme: people end up being the weakest link.”
Video and Podcast