A Sheep in Wolf’s Clothing?
2022 RSAC Trends and Insights
The world’s most attended annual cybersecurity conference—RSAC—concluded in San Francisco last week and in typical fashion, the event hailed some of the trends, welcomed a host of emerging cybersecurity vendors, and bid farewell to some of the old-timers that have since been traded off, end-of-life’d or absorbed into other technologies.
The nature of the cybersecurity industry’s largest annual event hasn’t really changed all that much in the 20+ years that it has been held. Companies vie for their share of the booming cybersecurity tools market, technology firms showcase their latest version of what the guy across the aisle is doing, free tee-shirts are given out like candy at Halloween, and Buzzword Bingo is all the rage.
This year, as at previous RSAC events, a few favorite catchphrases surfaced, including “Inclusion,” the old favorite “Cloud Everything,” and three particular topics that came up in conversation almost as often as the word “literally” is misused by Gen Z’ers in just about every conversation taking place today:
- “Zero Trust”
- “XDR”
- “Ransomware”
In reference to that last topic, members of our cybersecurity team met with representatives from the FBI’s cyber division and discussed the issues that are considered the most relevant and dominant in the Bureau’s pursuit of these threat actors:
- Organizations are being encouraged to STOP paying ransoms as this continues to be the primary source of “recurring revenue” for the various threat actor groups.
- Foreign agencies are the majority of the sources behind these events. They are well-funded, well-organized, and strategically distributed to conduct their activities without a lot of interruption.
- Insurance companies are slowing their responses on reimbursements for ransomware events, and if a ransom is paid, reimbursement continues to become more difficult to obtain. Most of this is tied to whether a target organization has the appropriate processes and controls in place (as defined by various GRC guidelines, such as ISO, NIST, and CIS).
- Successful defense against ransomware continues to focus on prescriptive measures that are rooted in well-defined processes, awareness, and basic cybersecurity hygiene around authentication, user access, phishing defenses, system patching, and network segmentation.
As everybody now understands, these cyber wolves, often well disguised as unassuming contacts, are more often than not gaining access to sensitive data and holding that data hostage for millions of dollars. But “Fear” doesn’t fix problems. Planning and preparation can offer a proven defense plan, and we think we have a pretty good understanding of what a business needs to do to reduce the risk of ransomware darkening its virtual doorstep.
On behalf of Guidacent, I’d like to invite you to review our ThreatRecon Ransomware Defense Services as a means of helping your organization reduce the likelihood of impact and even potentially avoid a ransomware event altogether. If you or someone within your leadership is asking or considering any of the following, then our Ransomware Defense Services is the best place to start to identify if the wolves are at your door:
- Is Ransomware as bad as it is reported?
- My organization is not that large, why should I be concerned?
- What are “Indicators of Compromise” and how do we find them?
- What can I do right now to reduce my threat?
You can find out more about how Guidacent is addressing this continued threat by clicking here for our Ransomware Defense Services, or by sending us a request for further information at [email protected].
Our Cybersecurity Services include Cybersecurity Assessment Services, and if your business needs advisory services, we offer Cybersecurity Professional Services with consulting on-demand.
We look forward to working with you to help get rid of these wolves in sheep’s clothing!