FireEye Stories Blog

Measuring Security Effectiveness: Infiltrations and Ransomware

These days organizations need to measure their security effectiveness and justify their cyber security investments. As we discussed in our Mandiant Security Effectiveness Report 2020, the C-Suite is now tasked with providing the proof that their business-critical assets are protected from an attack or breach. To get there, security and business leaders need to be aligned in their security objectives, and that means they need to be thinking about security effectiveness and taking proactive measures to protect their organizations from attack.

Security validation is more important now than ever before, especially with adversaries becoming increasingly sophisticated and targeted in their attacks. In today’s world, attackers can infiltrate a network in any number of ways. Perhaps the most common tactic is spear phishing, in which a user is sent a highly targeted email that tricks them into clicking a malicious link, providing confidential information or following some other direction. Threat actors use this tactic to slip through cyber defenses and carry out any number of follow-on attacks, such as installing ransomware in an organization’s environment.

Ransomware is one of the nastiest attacks out there right now. Once executed, the malware encrypts an organization’s data, with the cyber criminals demanding fees to resolve the attack. Even when organizations are prepared, attackers can target specific systems within the network, such as critical backup systems and servers. They can also pre-stage ransomware all around the network and use a timer so that the ransomware detonations happen simultaneously.

Without a doubt, ransomware has a detrimental impact on an organization. Organizations that fall victim to this type of attack may decide to pay the ransom rather than risk losing valuable data, and as we have all read in the headlines, ransomware can result in significant financial losses.

Yet, despite leaders knowing just how devastating ransomware attacks can be, in our report some of the results were startling. Of note, we found that after testing against infiltration and ransomware tactics, organizations reported their controls did not prevent or detect detonation within their environment 68% of the time! That means security teams typically see only approximately one-third of those attacks, which is alarming when we think of the severe impact a successful attack can have on a business.

As discussed in the report, one of the causes of this low detection rate is the “set it and forget it” mentality. In other words, security teams install security tools in their default configurations and fail to perform updates. As a result, those controls are not able to detect the latest attacks. Another common cause is that organizations are not clear on how to test against real ransomware attacks, so they blindly trust that their controls are working.

To overcome these challenges, organizations need an intelligence-led approach to continuously measure and monitor controls. They also need a solution that provides advanced detection and prevention supported by actionable threat intelligence so they can test against the latest ransomware attacks. Only then can they capture the quantitative evidence needed to identify security gaps, reduce risk and improve their overall security posture. And that means that, from the CEO to the CISO, organizations have to rethink how they view and approach cyber security. In a nutshell, they need to start proactively measuring and managing cyber security just as they would any other business function.

Interested in learning how you can validate your controls against current and actual attacks? Head over to our website to download a full copy of the Mandiant Security Effectiveness Report 2020, including a list of the 10 fundamentals for successful cyber security effectiveness validation. Then head over to our ransomware page to learn how FireEye can help protect organizations from this potentially devastating threat.