Quite rightly, many businesses—and their IT security specialists—are concerned about ransomware attacks. 2021 saw a number of high-profile attacks, with the threat showing no sign of abating in 2022. And, locked out of their systems, their data, and their networks, businesses have few easy choices left open to them. Many seriously consider paying up.
However, look in detail at incidents where ransomware attacks have succeeded, and many have a common thread. Which is this: those attacks didn’t succeed because security measures weren’t in place—they were—but instead, because those security measures weren’t operating as expected.
Security systems had been deactivated, or their sensitivity turned down, or they simply weren’t visible. (Yes, it happens.) They weren’t all-encompassing, thereby providing an opening for an attacker. They hadn’t been properly configured. They hadn’t been updated. And so on, and so on.
The weakest link
Simple little things, to be sure. But easily overlooked among the complexity and detail of the typical business’s security landscape. That is, until disaster strikes, and systems become inaccessible.
And, as we at Quod Orbis always remind our clients: your security is only as good as its weakest link. Put another way, a ransomware attacker only has to get lucky once. But businesses have to stay lucky always, if they don’t want to find themselves locked out of their systems.
To help businesses achieve that, a different way of thinking about security, known as Continuous Controls Monitoring, is surely mandatory.
Up-to-the-minute insights
At its simplest, Continuous Controls Monitoring is easily understood. In essence, it is continuous, near-real-time monitoring of all of a business’s security controls and systems, via telemetry.
Rightly, Continuous Controls Monitoring has been described as a game-changer. At a very granular level, businesses using Continuous Controls Monitoring obtain near-real-time monitoring of all their security controls and systems.
And it’s this near-real-time monitoring that ‘plugs the gap’ through which ransomware attacks compromise a business’s security posture, and through which their security measures fail.
Namely, it’s not that businesses haven’t invested in security controls and systems—it’s that those security controls and systems have had their effectiveness compromised, either deliberately or accidentally.
What Continuous Controls Monitoring delivers
So what, specifically, would Continuous Controls Monitoring look for in a business? Your business, say?
And what impact might it have on the security posture and security effectiveness of your business? Specifically, in the context of not just ransomware, but serious security threats of any comparable nature?
You don’t have to guess. Imagine how useful it would be to have near-real-time insight into the answers to questions like these:
- How many controls are in place, versus how many controls should be in place (think of SOC / SOAR)?
- Who or what has visibility of those controls?
- Have the controls been configured effectively (think of email gateway, protection of public facing services)?
- How much time has elapsed since the controls were put in place or switched on?
- Are they operating at optimum effectiveness, or has their sensitivity or scope been reduced (think of vulnerability scans or anti-virus deployment)?
- Under what versions of software or firmware are they operating?
- Which areas of the business are they protecting?
- How well is the business performing against the regulatory / security framework / compliance requirement of choice?
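Several of these questions can be answered mechanically once control telemetry is collected in one place. The following Python example is added here for illustration and is not Quod Orbis code or a description of its product; it compares a hypothetical baseline of expected controls against constructed telemetry records. All control names, asset names, field names and the 24-hour silence threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2022, 3, 1, 12, 0, tzinfo=timezone.utc)  # fixed so results are reproducible
MAX_SILENCE = timedelta(hours=24)  # assumed threshold for "control has gone quiet"

# Hypothetical baseline: which assets each control should cover, and how.
BASELINE = {
    "edr": {"assets": {"web01", "db01", "hr-laptop"}, "min_version": (7, 2), "mode": "block"},
    "vuln_scan": {"assets": {"web01", "db01"}, "min_version": (3, 0), "mode": "full"},
}

# Constructed telemetry records (hr-laptop never reports for edr).
TELEMETRY = [
    {"control": "edr", "asset": "web01", "enabled": True, "mode": "block",
     "version": (7, 4), "seen": NOW - timedelta(minutes=5)},
    {"control": "edr", "asset": "db01", "enabled": False, "mode": "block",
     "version": (7, 4), "seen": NOW - timedelta(minutes=3)},
    {"control": "vuln_scan", "asset": "web01", "enabled": True, "mode": "quick",
     "version": (3, 1), "seen": NOW - timedelta(minutes=10)},
    {"control": "vuln_scan", "asset": "db01", "enabled": True, "mode": "full",
     "version": (2, 9), "seen": NOW - timedelta(days=9)},
]

def evaluate(baseline, telemetry, now, max_silence=MAX_SILENCE):
    """Return (control, asset, finding) for every deviation from the baseline."""
    # Keep only the newest record per (control, asset): later sorted entries overwrite earlier.
    latest = {(r["control"], r["asset"]): r
              for r in sorted(telemetry, key=lambda r: r["seen"])}
    findings = []
    for control, want in baseline.items():
        for asset in sorted(want["assets"]):
            rec = latest.get((control, asset))
            if rec is None:                      # control should be in place but is not
                findings.append((control, asset, "missing"))
                continue
            if not rec["enabled"]:               # deactivated
                findings.append((control, asset, "disabled"))
            if rec["mode"] != want["mode"]:      # sensitivity or scope turned down
                findings.append((control, asset, "reduced_scope"))
            if rec["version"] < want["min_version"]:  # not updated
                findings.append((control, asset, "outdated"))
            if now - rec["seen"] > max_silence:  # no longer visible
                findings.append((control, asset, "silent"))
    return findings

def coverage(baseline, findings):
    """Controls operating as expected versus controls that should be in place."""
    expected = sum(len(want["assets"]) for want in baseline.values())
    failing = {(control, asset) for control, asset, _ in findings}
    return expected - len(failing), expected

if __name__ == "__main__":
    results = evaluate(BASELINE, TELEMETRY, NOW)
    for finding in results:
        print(*finding)
    print("healthy/expected:", coverage(BASELINE, results))
```

Run on a schedule against live telemetry, the same comparison turns a periodic audit question into a standing check.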
A better approach
And remember, these are questions to which the answers appear in near-real-time, all day, every day, all year.
The contrast with less effective approaches to security—such as periodic audits—couldn’t be greater.
And if your business is serious about the ransomware threat, then we believe that equally-serious discussions about Continuous Controls Monitoring should be on the agenda. Because when ransomware strikes, it’s too late.
Want to know more? Please get in touch by calling Agwu Nwoke on 020 3962 2206.