Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot

Combining robust decryption and orchestration of encrypted traffic with threat prevention is crucial to staying ahead of attackers.

4 Min Read
The word "Ransomware" under a padlock with gears in the background
Source: marcos alvarado via Alamy Stock Photo

Gartner projects worldwide IT spending will increase 5.5% this year, reaching $4.6 trillion, and forecasts information security and risk management products and services spending will grow 11.3%, topping $188.3 billion. However, with many chief economists believing a recession is on the horizon, executives and business leaders are being forced to make difficult cost reductions. One investment that may be facing cutbacks: cybersecurity.

Though cybersecurity programs tend to be fairly resilient in the face of economic uncertainty, chief information security officers (CISOs) and security leaders are still facing tough mandates and directives from other leadership to tighten spending, demonstrate value for investments, and double down on increasing efficiencies.

In a Hanover Research survey of over 650 financial decision makers, 47% of the responding organizations indicated economic disruption and recession as top business risks for 2023. Meanwhile, cybersecurity vulnerabilities fall by the wayside, with 11% ranking it as a top concern. This risk disparity comes at an exceptionally troubling time, as the world also grapples with rising geopolitical tensions and a ransomware epidemic.

Ransomware has exploded into one of the most damaging forms of malware and rapidly growing cybersecurity threats of our time. Verizon's "2023 Data Breach Investigations Report" (DBIR) reveals ransomware now accounts for one out of every four breaches, with 95% of incidents that experienced a loss costing $1 million to $2.25 million.

Unlike other types of malware, ransomware can destroy an organization in minutes, causing a ripple effect throughout society and the global economy.

With cybercriminals capitalizing on crises for exploitation, any compromise of an organization's security posture or a potential ransomware attack amid recession fears could leave them vulnerable to greater risks and in a dire financial position or, worse, out of business.

Number of Attacks Dip — but Impacted Records and Demands Remain High

According to research from F5 Labs, malware was responsible for roughly 6% of US breaches in 2019, and by 2020 ransomware alone was a factor in 30%. By 2021, that number surged to almost 70% according to Verizon's 2022 DBIR.

Comparitech reveals publicly reported ransomware attacks dipped in 2022, but the amount of individuals' data exposed grew to nearly 115 million from 49.8 million in 2021, and ransom demand in the business sector rose to $13.2 million from $8.4 million in 2021.

Focus on Prevention

Ransomware cybercrime is claiming victims left and right in 2023, from the US Marshals Service to Dole and Dish Network. In response, the White House has classified ransomware as a threat to national security, public safety, and economic prosperity. And despite government entities like the FBI, CISA, and OFAC enacting actions to counter ransomware, these steps alone aren't enough to end the evolving ransomware threat landscape.

With a new ransomware target being attacked every 14 seconds, organizations must prioritize ransomware prevention. With its developing sophistication, mitigating ransomware is increasingly more challenging. There's no silver bullet to eradicate attacks, and having to operate in a tight market adds a layer of complexity.

CISOs and security leaders must focus on the best return on investment while building out a multilayered approach for improving their overall IT security. One strategy to accomplish this is managing attack vectors using encrypted channels with preventive technologies that can stop adversaries before they have a chance to compromise networks or while they are executing their multistep campaigns.

Beware of the Familiar

Attackers not only employ malicious encryption to ransom a victim's files, they also leverage commonly adopted encryption standards to further their own ends.

Today, nearly 90% of all Internet traffic is encrypted with SSL/TLS, making it easy for cybercriminals to take advantage of cryptography and use it to mask ransomware to evade detection while using popular and successful breach tactics like phishing.

Ransomware gangs also take advantage of legitimate websites encrypted with SSL/TLS to look secure, but have been infected with drive-by downloads. And cybercriminals leech onto browser vulnerabilities that can lead to infection when the entry point is encrypted, allowing encrypted threats embedded with malicious payloads to go unnoticed.

Gaining visibility into encrypted traffic is a key aspect of managing encrypted threats, yet organizations should level up their defense to decrypt and inspect incoming and outgoing encrypted traffic, which is commonly called SSL Inspection or Break and Inspect (BNI), and automate traffic orchestration for enhanced efficacy and control.

Amid ongoing pressure to drive efficiencies with strained resources, it's critical for businesses to optimize their security investments. Decrypting, inspecting, and re-encrypting traffic remains an exclusive feature within a small subset of security devices. With the flood of SSL/TLS traffic, many of those devices can't handle traffic at large scale.

Consequently, security stacks can take a serious hit and be riddled with points of failure that can lead to greater chances of infected traffic bypassing decryption, as well as oversubscribed services that can increase total cost of ownership.

Combining robust decryption and orchestration of encrypted traffic with threat-prevention technology that can stop attacks before they happen — and go beyond blocking and alerting indicators of compromise (IOCs) — is crucial to staying ahead of attackers amid the ransomware crisis and potential global recession.

About the Author(s)

Greg Maudsley

Senior Director, Product Marketing, F5

Greg Maudsley is F5's Senior Director of BIG-IP Product Marketing. With more than 20 years of experience working and leading teams in the cyber security space, Greg returned to F5 in 2018 after leading Product Marketing at Menlo Security, a Silicon Valley threat Isolation startup. Prior to Menlo Security, Greg led F5 Security Product Marketing and has also worked at Juniper Networks, Cisco, and the Stanford Linear Accelerator Center. Greg holds an MBA from Santa Clara University, and a BS in Physics from the University of Redlands.

Frank Koehl

Vice President of Product Development, Trinity Cyber

Frank Koehl is Vice President of Product Development at Trinity Cyber and is responsible for establishing product strategy, definition, and design for Trinity Cyber's groundbreaking and award winning TC:Edge and TC:File service lines. Frank brings more than 20 years of experience in technology and engineering executive roles and a strong technical background in security, privacy, and compliance.

Over the course of his career, Frank has built and delivered over a dozen technology products, founded two startups, built out a $10 million engineering department and navigated two acquisitions. Frank consistently drives a security-first mindset in software development and leadership, with previous products flawlessly passing red team pen-testing assessment.

Prior to joining Trinity Cyber, Frank held engineering and technical leadership roles across various industries, including secure DevOps, healthcare, e-commerce, data retention and compliance. His previous employers include New Context (acquired by Copado) and Gorman Health Group (acquired by Convey Health).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights