The reduction in revenue generated by cyber ransoms in 2022 was estimated on illicit cryptocurrency activities monitored globally by the company Cryptoanalysis. The study also indicates that this result is much more associated with a tendency for victims to refuse to make payments than with a possible decline in the number of attacks.
As many companies resorted to ransomware insurance in order to reduce the damage of an attack, this could already be the explanation for the market's willingness to not pay to get their data back. However, the study reveals that, in addition to this fact, insurers are demanding proof of preventive security measures before accepting hiring. For a new policy to be issued, the customer needs to demonstrate having comprehensive backup systems, using incident detection and response tools, and operating with multiple authentication factors, for example. This strict level of demand puts pressure on companies to become more secure, increasing their investment in data protection and, consequently, obtaining a level of confidence sufficient to say no to cybercriminals.
In order to follow this path of maturity in cybersecurity and still be able to provide sufficient information to insurance auditors, it is essential to start with a complete view of the gaps and an action plan, prioritizing the most critical requirements according to each business, recommends Rafael Cividanes , Head of Cybersecurity at Kryptus, a Brazilian company specializing in cybersecurity and encryption solutions. “Today we offer our customers security diagnostic services with a 360° coverage, involving their infrastructure, applications, devices and systems to map out what needs to be done and the best way to do it”, explains Cividanes. The construction of the security policy and incident response guides (playbooks) are also part of the service provided by Kryptus and serve as a support base for the presentation of evidence to audits.
The second step is to implement a monitoring and incident response center with tools and resources dedicated to combating threats and vulnerabilities, which corroborates to demonstrate that security is being addressed on a recurring basis. Due to the difficulty in finding qualified professionals available in the market and the complexity of managing these resources, outsourcing managed security services has proven to be advantageous. “Kryptus' SOC-as-a-Service model, for example, enables access to top-of-the-line solutions, 24/7 specialized services and all the necessary infrastructure for the operation at more accessible costs”, observes the executive.
There are several market forces converging on the maturing of organizations in relation to cybersecurity, whether on the side of the need for protection or the offer of increasingly complete services and solutions to meet different scenarios. The ransomware pandemic may be with the days of contact for companies that are aware and seek vaccines to combat this evil, concludes Cividanes.
