Ransomware has evolved from attacks on users to attacks on organizations. In the past, if your data was encrypted by ransomware, you could restore it from your backup. Today, this is no longer the case, as ransomware can also compromise our backups.

Today’s ransomware is sophisticated, it has building blocks and can change its behavior and attacks depending on the customer environment.

In this blog article, I will give you an overview of ransomware, the future of ransomware, and what impact it has on companies.

Ransomware is a type of malware that encrypts data, virtual machines associated files, databases, and others. When it infiltrates the system, it encrypts the data and creates a .txt ransom note with instructions for the victim on how to make a payment and obtain the description key.

It is usually spread via phishing mails (look for QR code scams), social engineering, and other attack methods. Ransomware can attack various targets and their data, including Windows, Linux, MAC, VMWare, Hyper-V, Citrix, databases, and others.

This is how ransomware works

It causes a lot of problems for SMBs, SMEs, governments, healthcare, and all other industries. If there is no operational business data, there is no business.

According to a Ransomware attacks survey, 14.1% of ransomware victims lost data, and 6.6% had to pay the ransom.

14.1% of ransomware victims lost data, 6.6% had to pay the ransom

If the victim does not pay, the ransomware group threatens to release the files piece by piece or to sell them to interested parties. In this way, they force the victim to pay.

Ransomware attacks are not a new development in the cyber world. OK, we may hear them more often because they have been very popular over the last decade.

The first version of ransomware dates back to 1989, when Joseph Popp, the author of the AIDS Trojan, distributed floppy disks in over 90 countries on behalf of the PC Cyborg Corporation.

The AIDS trojan

Anyone who inserted the diskette into their PC was infected with malware.

The malware encrypted their files and demanded payment of $ 567 for the decryption key. Joseph Popp is known as the father of ransomware.

From 2005 to 2010, fake antivirus ransomware was very popular. This fake antivirus program detected a fake threat in the system and asked users to pay for the antivirus license to delete the threat. Payment was made by credit card and ranged from $ 20 to $ 100.

From 2010 to today, we have seen different types of ransomware attacks targeting different systems and industries. It’s not just about a single operating system, but anything that becomes a technological trend (hypervisors, hyper-converged infrastructure, cloud, IoT, IIoT, OT, etc.); quickly becomes a target for ransomware gangs.

In the recent ransomware attack on IxMetro PowerHost, a hosting provider from the US, the ransomware gang encrypted their VMware ESXi and virtual machines and demanded a payment of two bitcoins per affected customer, totaling about $ 140 million.

When IxMetro PowerHost realized that their data could no longer be used, they wanted to restore healthy copies from the backups.

However, that didn’t work well. Their backup was also encrypted.

This is the evolution of ransomware. It started very small and grew significantly, both in terms of damage caused and ransom demands ($ 567 in 1989, and $ 140 million in 2024).

Technology is constantly changing. Ransomware would not be successful if it did not follow technological trends. According to various reports, the number of ransomware attacks doubled in 2022 compared to the previous year and increased by 130% in 2024.

So, ransomware is here to stay.

In this section, we will talk about trends that might determine the future of ransomware.

In the past, ransomware mainly targeted Windows due to its large market share. Today, with the growing market share of Linux, we can observe an increase in ransomware attacks against Linux as well. For instance, the first version of Monti ransomware only targeted Windows, while the newer version also can attack Linux distributions.

In the future, ransomware will be more tailored to different targets and industries. For example, we can see an increase in ransomware attacks on hospitals and pharmacies, transportation industries, financial institutions, education, and other industries.

Industries targeted by ransomware

Additionally, we can see more ransomware attacks in this direction targeting PLCs (Programmable Logic Controllers) in OT networks. PLCs are often operated with Windows or Linux systems. A 10-minute downtime in production can lead to hundreds of thousands in financial losses.

Hacking used to require extensive knowledge and skills.

RaaS platforms now allow cybercriminals to launch ransomware attacks with minimal technical expertise. These platforms are developed by ransomware gangs to speed up and automate the execution of ransomware attacks. RaaS recruiters recruit people on the internet and ask them to join the ransomware group and participate in the attack.

These platforms have a user-friendly interface, detailed user manuals, forums, and 24-hour support. It is a real (malicious) business method.

Some well-known RaaS platforms are Hive, DarkSide, Revil, Dharma and others.

We will see an increase in the usage of RaaS platforms.

Have you heard about the Solarwinds hack, one of the biggest cybersecurity breaches of the 21st century? Solarwinds provides network monitoring and management tools for IT infrastructures.

Here is what happened.

An attacker injected malware into SolarWinds’ software development process, specifically the Orion software updates. As soon as customers downloaded the update, they also downloaded and installed the malware on their systems.

Antivirus and security tools could not detect it. Attackers gained access to a network of over 30 thousand public and private customers. They had access to their data.

This was one of the biggest supply chain attacks in modern times.

Many products are dependent on third-party services which open a product across different layers. In the future, we will see more and more ransomware attacks delivered via supply chain.

When IxMetro PowerHost, a hosting provider from the US, realized their production machines and data were encrypted, they informed customers and started the restoration process.

However, very quickly, they realized backup copies were also encrypted.

Attacking backup copies is becoming a trend. If production and backup are encrypted, the victim has no choice but to pay the ransom, unless they have offsite backup copies and immutable technology in place.

Governments and security researchers recommend not paying a ransom. The idea behind this is to show ransomware gangs that their malicious activities are not profitable.

Nevertheless, ransomware groups have invested time and resources to hack the system and are looking for all possible ways to monetize their operations.

They have started exposing data on the dark web if the victim refuses to pay for the ransom. This provides them with additional income. We call it double extortion.

Whether the victim pays or not for the ransom, there is no guarantee that the data will not be sold to interested parties.

Today, Artificial intelligence (AI) is used everywhere. It is not strange that ransomware gangs would use it for malicious purposes. We can expect more AI-driven ransomware attacks on various targets and industries.

The National Cyber Security Center (NCSC) predicts that ransomware will benefit the most from AI in the next two years, alongside other cybersecurity attacks.

Ransomware attacks will be more effective and dangerous. AI-driven ransomware will help identify vulnerabilities in systems and adapt the behavior and each attack to the customer’s environment.

Sounds scary!

To respond to ransomware threats driven by AI, security vendors are developing AI-driven defense systems.

This is a game of offense and defense.

If we look at the reports after the attack, we can see that the attack could have been prevented if stronger security measures had been taken.

Several strategies can help organizations prevent future ransomware attacks. The foundation of prevention is strong IT security measures.

First and foremost, it is important to keep all systems up to date. Systems that are not patched are the first point of attack.

Strategies against ransomware attacks

Regularly backing up critical data and workloads is extremely important. In the event of a failure, the data or the machine can be easily restored. Since ransomware can also attack backups, it is important to use immutable storage and immutable backup solutions. Immutable technology prevents ransomware from making changes (encrypting) to files.

Implement strong security measures from endpoints and networks to various servers. These measures include hosted and network firewalls, advanced threat detection, IDS (Intrusion Detection System), IPS (Intrusion Prevention System), incident response plans, encryption, and data security.

You should implement strong password policies and use multi-factor authentication.

All of this is important, but if you do not provide adequate security awareness training, you are at high risk. We strongly recommend that you continuously provide cybersecurity training to your employees and teach them how to prevent social engineering and phishing attacks.

We recently published Cyber Security Report 2024 with an in-depth analysis of analysis of the current cyber threat landscape based on real-world data.

Organizations and technology are prone to change. This happens due to market trends, government regulations, or simply a change in the business model.

To be effective in their malicious operations, ransomware gangs adapt their business model.

One of the questions is what can trigger a change in the cyber malicious business model.

When ransomware infiltrates your network and systems, it attacks your data, encrypts it, and creates a .txt ransom note with instructions on how the victim can make the payment.

All payments are required in cryptocurrencies, mainly in Bitcoin.

Today, the spectrum of ransomware attacks is much broader, and ransomware groups are demanding more money.

And why? It offers them additional security and anonymity.

This is a challenge for governments and security vendors, as it prevents them from getting in and out of money transactions.

That means we need regulation for cryptocurrencies!

If governments were to introduce regulations for crypto-assets – and they are already looking into this – it would add regulation and control to the use of Bitcoin and other cryptocurrencies.

This would put ransomware groups in a tight spot as they would not be able to fund attacks with crypto assets.

When it comes to global crypto regulations, The International Organization of Securities Commissions has laid out its 18 recommendations for managing crypto assets.

In terms of regulations per country or region, the following countries have started the process: the European Union, Switzerland, the United Kingdom, Japan, India, the United Arab Emirates, South Africa, Singapore, the United States of America, and Canada.

Cybercriminals are prosecuted, but there is a lack of cross-jurisdictional takedowns of ransomware groups. In practical terms, this means that a ransomware group can operate from multiple countries, and prosecuting hackers from only one country would not be very effective.

What security researchers are calling for is better cross-jurisdictional cooperation between countries.

If legal action were taken against ransomware groups, these ransomware groups would probably have to leave the country and find another location.

To properly protect your cyber environment, use Hornetsecurity Security Awareness Service and Advanced Threat Protection to secure your critical data.

To keep up with the latest articles and practices, visit our Hornetsecurity blog now.

Ransomware is a type of malware that encrypts all kinds of data and asks the victim to pay a ransom to get their data back. If the victim does not want to pay, ransomware gangs expose the data piece by piece or sell it to interested parties on the dark web.

The father of ransomware, Joseph Popp, developed the first ransomware in 1989 and distributed it via a floppy disk. From 2005 to 2010, fake antivirus programs were very popular. Since then, ransomware has continued to emerge, targeting different infrastructures and industries.

Whenever a technology or market shifts to something else, ransomware gangs adapt their malicious business model and attack.

The future of ransomware will revolve around AI-driven attacks, more sophisticated ransomware attacks tailored to different targets and industries, more supply chain attacks, backup, double extortion, dark web auctions, and more.

To prevent this, we need to implement strong security measures from the endpoint to the servers and provide continuous cybersecurity training to employees.

Additionally, governments can help by improving cross-jurisdictional cooperation and preventing attacks through better laws. As cryptocurrencies are used to pay the ransom, regulation of crypto assets would also be beneficial.

This article looks at ransomware and some expectations for the future.

Artificial intelligence (AI) systems are highly developed computer programs that mimic and outperform human intelligence in terms of learning and decision-making, but they do so remarkably quickly and accurately. AI learns by examining vast volumes of data and looking for patterns, much like a human may practice a new skill to get better at it.

This enables them to perform extraordinarily well in a variety of activities, including speech recognition, picture categorization, gaming, and even vehicle operation. To guarantee that its choices and results are proper, AI is still dependent on human direction and supervision at this time.

AI technology has grown significantly in the years changing various industries and applications. This rapid progress is thanks, to improvements in computing power data availability and machine learning techniques. An example that stands out is AlphaGo, a computer program created by DeepMind that defeated the world champion Go player, Lee Sedol in 2016. This achievement marked a milestone in AI advancement since Go was previously seen as complex for AI to conquer.

As AI becomes more integrated into life it boosts productivity, efficiency, and innovation. In healthcare AI-driven diagnostic tools show promise in disease detection such as cancer. Additionally, AI-based recommendation systems, on online shopping platforms have transformed the way we shop on the Internet.

Wherever AI systems play a role in a business or personal use, it’s necessary to address the vulnerabilities and ensure strong security measures are, in place. Protecting data and upholding privacy are aspects of AI security. Data breaches can have consequences like losses, damage to reputation, and risks to public safety.

To highlight the importance of AI security consider the issue of deepfake content. Deepfakes are AI-generated images, videos, or text that realistically impersonate people or events. These pose a threat to privacy and security, for example, deepfake videos depicting politicians making statements could be used to sway opinion or cause chaos during elections.

One notable incident occurred on May 22 2023 when a fabricated image showing an explosion near the Pentagon circulated on media briefly affecting the US stock market. The debunked image depicted smoke rising next to the US Department of Defense headquarters. Experts believe it was likely created using AI technology and serves as a warning, about the dangers of misinformation.

The incident involving Tay, Microsoft’s AI chatbot, in 2016 serves as an example of AI security concerns. Tay was initially programmed to learn from user interactions on Twitter. It quickly veered off course by posting inappropriate content within just 24 hours. It was later revealed that malicious users had manipulated Tay underscoring the necessity for security measures and the ethical advancement of AI technologies.

The emergence of AI has ushered in a myriad of advantages and prospects. It also underscores the significance of AI security. Safeguarding the secure progression of AI systems is imperative to safeguarding information upholding privacy standards and averting potential negative repercussions. Through efforts among researchers, developers, and policymakers we can foster a conscientious environment, for the future development of artificial intelligence.

AI technology holds promise in enhancing most aspects of our lives from healthcare to transportation, however, as advanced AI systems like ChatGPT continue to evolve and play roles in infrastructure they bring along new cybersecurity challenges that need immediate attention. Here are some key cybersecurity risks associated with AI;

AI systems heavily rely on amounts of data for learning and decision-making processes. The data these systems accumulate the more vulnerable they become to data breaches. For instance, in March 2023 Italys data protection authority imposed a ban on ChatGPT due to concerns over a data breach and the legality of using information to train the popular chatbot.

With AI expanding into sectors such as healthcare, education and finance the repercussions of breaches could have consequences. Privacy is also under threat as organizations collect data to train AI systems. Establishing policies and ensuring transparency regarding data collection and usage are steps, toward fostering trust in AI technologies.

As we move forward, towards automation, there is growing worry that AI might be utilized to increase cybersecurity risks or potentially create ones. For instance, AI could speed up cyber-attacks, such, as spamming, phishing attempts, malware distribution, and ransomware attacks. Additionally, AI could aid hackers in breaching systems by identifying vulnerabilities or devising intricate social manipulation tactics. Regulations are necessary to prevent, or at least minimize the misuse of AI as these harmful applications present a danger, to society.

AI can automate hacking and carry out cyberattacks with intervention. It can swiftly. Exploit vulnerabilities to infiltrate computer networks. Through “reinforcement learning ” AI systems can continuously enhance their techniques for breaching systems.

While the concept of AI weapons remains theoretical the potential risks they present in cyber warfare are significant. It is crucial to monitor cyberspace to detect any instances of AI being used for purposes and implement appropriate countermeasures.

As the use of AI technologies continues to grow maintaining cybersecurity measures is paramount. Establishing regulations, guidelines and best practices is essential to ensure that AI systems are transparent, unbiased, and safeguarded against entities. By implementing proper controls and effective oversight we can reap the benefits of AI technology while minimizing the threats posed by threat actors exploiting the technology that is supposed to help us.

However, it is imperative to take steps to prevent scenarios where malicious AI poses a greater threat, than our ability to counter it effectively.

AI technology is advancing rapidly playing a role, in systems and handling sensitive information. This has made ensuring the security of AI a priority. Here are some recommended practices for maintaining AI security;

• Implementing authentication and access control measures. Using factor authentication for accessing AI applications or infrastructure is essential. Access control policies should be robust regularly updated and follow the principle of privilege meaning employees should only have access to what they need for their roles. For instance, an AI system analyzing scans should have access controls in place with different credentials and permissions assigned to radiologists, nurses, researchers, and IT personnel. Regularly reviewing authentication and permissions is important to revoke access when employees leave the organization or change positions.
• Conducting security audits and updates for monitoring vulnerabilities in AI systems and machine learning models. Independent experts should regularly perform audits to detect any security issues or risks that may arise. Audits should cover all aspects of the AI system including the training data, models, APIs, software and infrastructure. Upon reviewing audit findings immediate action should be taken to address vulnerabilities update machine learning models and software apply security patches and re-engineer systems if necessary. For example, an AI service utilizing NLP should enhance its machine learning models with the defenses, against threats like spam and abuse while also addressing any bias that could be exploited by actors. Staying up to date on AI security practices is crucial.
• AI security awareness and training. From data scientists and engineers to executives and business users. It’s important to provide tailored security awareness programs and training sessions based on each employee’s role within the organization. For instance, AI developers should focus on building machine learning models and software while other staff members need to understand threats such, as engineering targeting AI systems and how to effectively engage with AI technologies. Continuous learning is vital as new vulnerabilities and risks arise in the evolving landscape of AI.
• Collaboration, among AI developers, researchers, and security experts. It involves an approach where close teamwork between AI engineers, machine learning researchers, and cybersecurity professionals is crucial. Than treating security as an afterthought developers and researchers need to collaborate with security teams to proactively address vulnerabilities. For example, machine learning modelers can seek advice from security experts during the training phase to mitigate risks such as data poisoning attacks. Once models are deployed security teams can conduct penetration testing to identify weaknesses and collaborate with researchers to retrain the models. This collaborative effort should continue even after AI systems are operationalized through teamwork sharing of knowledge and solving problems together.

To properly protect your cyber environment, use Hornetsecurity Security Awareness Service to train your employees to become aware of AI threats and assist in securing your critical data.

To keep up to date with the latest articles and practices, pay a visit to our Hornetsecurity blog now.

The advancement of AI in a secure and morally sound manner is greatly dependent on the cybersecurity industry. Cybersecurity professionals may assist society benefit from AI while reducing the risks of its malevolent use by forming interdisciplinary alliances, creating domain-specific protections, and advocating standards. AI’s future rests on including security early in the design process rather than as an afterthought. The enormous promise of autonomous and intelligent technology can be realized with preventative measures in place.

Artificial intelligence is the design of a computer, computer-controlled robots, or software that tries to replicate the human intellect. AI is developed through the study of brain cognition, which includes the distribution of knowledge, learning, and decision-making approaches to complex issues. Intelligence is linked to the absorption of fresh knowledge and its use in solving new complicated problems that in the future, intelligent robots may be able to complete several, if not all, of the tasks that people now do.

Artificial intelligence is the development and implementation of smart systems, computer programs, and computer equipment with a functionality equal to the human mind’s capacity. Computer science, psychology, and artificial intelligence are different. The difference between computer science and psychology is in an emphasis on perception, thought, and action, as opposed to psychology which concentrates on perception, thinking, and action on the other. This serves to enhance abilities by encouraging machine learning.

In recent years, artificial intelligence (AI) systems have grown exponentially, revolutionizing a wide range of applications and industries. The most recent research indicates that 35% of global companies use AI in their operations. Remarkably, 42% of businesses say they are investigating using AI in-house. In 2024, more than half of businesses intend to use AI technologies. This indicates that more than 77% of businesses are either utilizing AI or considering.

Increases in computing power, data ingestion, and storage have resulted in a rise in commercial and industrial applications of machine learning and artificial intelligence.

This deluge of data, feeds AI’s appetite because it makes it possible for it to examine and evaluate all it has learned to find new patterns and nuanced details. If new projects and issues are recognized and looked into as soon as possible this will result in more attacks being prevented. The work of security “experts” can focus on more high level, strategic tasks, leaving the AI systems to focus on spotting anomalies in large amounts of log data for example. Think about the team member with the most experience in security.

AI and machine learning algorithms may eventually one day surpass the intelligence of your top employees if you use it to train them. Your ten smartest employees can help you prepare machine learning and artificial intelligence programs, and the combined outcomes will be just as intelligent as they are.

Moreover, AI never needs to sleep, and it’s rapidly being developed.

The diverse aspects of AI, such as deep learning and unsupervised learning, may be advantageous in several cybersecurity domains. Artificial intelligence (AI) can automatically analyze and fix vast volumes of potentially dangerous data and identify future problems. Regrettably, threat actors might infiltrate target systems via a backdoor using the same AI technologies that are used to secure systems.

A growing number of attacks are leveraging AI-powered technology, and malware is often altering its appearance to evade detection, and to complete their agenda, sharpen their attacks, they use machinery that can generate large quantities of malware. AI and malware might be used by hackers to assess the target company’s defenses and plan future attacks. Here are some examples of how AI could improve organization’s cyber security postures:

Human error is a leading cause of cybersecurity failures. Despite a sizable IT workforce, managing system configurations efficiently remains challenging, especially with the rapid adoption of new technologies, teams handling network upgrades and maintenance often face overwhelming To Do lists. However, with assistance from AI and leveraging intelligent automation they can swiftly identify and resolve issues, providing timely support and recommendations.

Insufficient coordination among teams hampers efficiency, particularly in repetitive tasks like configuring endpoints. Manual interventions are often necessary due to misconfigurations or outdated settings, leading to delays and increased risks. AI-driven systems excel in promptly responding to evolving threats, maintaining vigilance even amid distractions that affect human beings.

Detecting and predicting fresh cyber threats involves taking preventative measures. A potential solution is through machine learning whereby past attack patterns and behaviors are analyzed to flag possible risks. They assist in speeding up response time as well as increasing awareness about threats among security personnel.

Adaptability is vital to the efficacy of security. The progressing security needs and technology can be tricky and time-consuming for human teams to keep up with and may therefore result in delays and inefficiencies. Solutions based on artificial intelligence can provide the adaptability to effectively customize security measures to individual demands. Businesses can formulate customized security solutions to handle changing threats if they have access to enough data and have trained their algorithms.

​The bottom line, the purpose of Artificial intelligence in cybersecurity is to develop a system that thinks and acts like humans, something that we’ve not achieved yet, and may not for quite some time. It is not a smooth transition to use AI-based solutions to solve a specific cybersecurity risk. Cybersecurity experts are typically not proficient with AI methods and their advantages. Because of this, the traditional method depends on human knowledge and manual labor until it is no longer sufficient. But when businesses do choose AI, they usually aim for and generally achieve the following advantages:

• AI Learns More over Time. Self-learning artificial intelligence (AI) has the potential to improve network security in the long term. To detect and categorize network patterns, AI uses machine learning and deep learning algorithms. Then, it will keep an eye out for anything out of the norm in terms of security and take necessary action. These kinds of trends may assist in making the world a safer place in the future. Such dangers may be identified and eliminated in a timely way. Hackers are seldom successful against their intelligence since it is always evolving.
• Artificial Intelligence Identifies Unknown Threats. There is a chance that no one individual can see every risk that their company confronts. Hackers may start an attack for a variety of causes and approaches. Unknown threats of this kind have the potential to inflict significant harm to a network. In terms of recognizing and mitigating previously unforeseen business threats from causing havoc, AI outperforms humans.
• AI Can Handle a Lot of Data. Even when there is a large amount of data to analyze, artificial intelligence can detect potential hazards. Within and outside of an organization, people are always talking and exchanging ideas. This data must be protected against harmful humans and computer programs. However, cybersecurity specialists’ ability to evaluate all data for dangers is limited. In this circumstance, artificial intelligence is the most effective approach since it can identify any concealed threats in the traffic.

To properly protect your cyber environment, use Hornetsecurity Security Awareness Service to train your employees to become aware of AI threats and assist in securing your critical data.

To keep up to date with the latest articles and practices, pay a visit to our Hornetsecurity blog now.

The basic goal of artificial intelligence is “success,” whereas “accuracy” is secondary. The purpose of handling difficult issues is to find intuitive answers. Decisions are made automatically in a real-world AI application. It seeks the most optimal solution to a problem rather than merely the one that follows logically from the available facts.

Highly mobile systems, particularly in the sphere of cybersecurity, seldom incorporate autonomous systems. The bulk of AI concepts revolve on fully autonomous systems; however, it is doable, and there are currently AI systems in place that might aid or supplement our security services. Clearly, AI cannot interpret data as effectively as humans can, but despite efforts to shift the field toward more human-like frameworks, full artificial intelligence (AI) is still a long way off since it needs computers to apply abstract concepts in a range of situations.

Current Artificial Intelligence systems are not quite as sophisticated as some would have you believe in terms of creative and critical thinking, but it provides a great addition to your defenses.

Cyber security risk management (Adobe Firefly AI)

In some ways cyber security risk is just like any other risk that businesses must factor in – geopolitical risks, natural disasters, supply chain challenges, regulation, and compliance risks and so forth.

This is important, because when you communicate with leadership in your organization, framing it in risk terms will yield much better results than using geek speak. On the other hand, cyber security risks can be very different to other risks as they’re often harder to quantify.

One way this can be seen is in cyber security insurance. Only a few years ago, this was a simple exercise (at least in smaller businesses) where you answered a limited number of questions around your security posture and were given insurance at a relatively low premium.

However, half a decade of “big game hunting” ransomware attacks with payouts in the millions have changed the insurance game considerably. Now, the questionnaire is much more comprehensive, and the premiums are much larger, with more exclusions and limitations– with some insurers even exiting the market.

The reason is that there’s not enough stable statistics for insurers to really work out the actual risk – compared to say the risk of a fire in an office building, or an earthquake in a particular area.

They have many decades of statistics in those areas to base their modelling on – whereas cyber security is such a rapidly changing landscape, where even organization with mature security practises and strong cyber hygiene still become victims of the criminals.

The best way for a business to tackle this problem is to develop a risk management plan and keep it alive with regular updates.

There are various frameworks you can base your plan on – and depending on which country or countries your business operates in, as well as the demands in regulatory frameworks that you must comply with, you might be locked into a particular one. Here we’re going to use NIST 800-30 to base the discussion on.

It’s got four steps:

1. Prepare for Assessment
2. Conduct Assessment
3. Communicate Results
4. Maintain Assessment

We’re going to focus on step 2 which has five tasks:

1. Identify Threat Sources and Events
2. Identify Vulnerabilities and Predisposing Conditions
3. Determine Likelihood of Occurrence
4. Determine Magnitude of Impact
5. Determine Risk

In other words, start by identifying threats which are circumstances or event that could potentially impact an organization’s operations.

Then you look at vulnerabilities which are weaknesses in a system, security procedure or implementation that a threat can exploit (think broader than just software bug vulnerabilities). And, since no organization is an island as we’ve learnt over the last few years of supply chain attacks, a vulnerability in a supplier or vendors system can impact your business.

When you combine the threats with the vulnerability you can then assess the consequences, if this threat takes advantage of this vulnerability, what will the consequence be?

Making a cyber risk management plan (Adobe Firefly AI)

In concrete terms, identify all your assets and prioritize them based on importance to the business. Then find all (known) vulnerabilities and threats in your environment. Apply security controls to mitigate vulnerabilities, based on the priority of the affected assets.

Then determine the likelihood of a threat event occurring and estimate the potential consequences. This is then a matrix of all the risks that you can use to prioritize and manage risk decisions and responses.

Three things to note here – first it’s really easy to write a paragraph like this, it’s a whole different ballgame to actually do it – particularly in a large business.

Secondly – identifying all vulnerabilities is impossible because there are so many that you don’t know about.

But the point is that you have to start somewhere, if you don’t bother to identify the known vulnerabilities, just because there are ones you don’t know about yet, you won’t get a version 1 of the plan, that you can then iterate on as more information comes to light.

And thirdly, this whole exercise isn’t something the IT department, or the security team can do on their own – this takes involvement by representatives from the whole organization, who’ll each have a view of the risks, vulnerabilities, and threats to their part of the business process.

Now that you have identified, prioritized, and assessed the risks, it’s time to start looking at the appropriate controls to mitigate these risks.

These range from low-tech approaches such as if the accounting department receives an email notification about a change of bank account details from a supplier, they follow up with a phone call to verify this (to a known phone number, not the one supplied in the potentially fraudulent email).

To address security flaws in systems and applications, apply patches as soon as possible, based on the business priority of the asset.

And to mitigate identity-based attacks, ensure that users are logging in using strong authentication such as MFA, and move towards phishing resistant systems such as Windows Hello for Business, Passkeys and FIDO 2 hardware keys.

There are many other risk mitigation approaches: to stop inadvertent data sharing, use a Data Loss Prevention tool, to maintain data governance use an Information Protection tool, to manage the risks from staff (either inadvertent or intentional) apply an Insider Risk process and tool, to minimize the risks from malicious emails use a strong email hygiene solution, and for times when these controls fail, ensure continuous Security Awareness training.

If you need to reign in data sharing, in general or if you’re preparing to roll out Copilot for Microsoft 365, use a good data governance tool.

Remember, this isn’t about new shiny tools that’ll solve all your security problems, it’s about having a plan, with both identified and prioritized risks and building mitigations to the risks just like you do in any other area of your business.

Fire is a risk in an office building, so you mitigate the risk by installing smoke detectors, fire extinguishers, and train your users with evacuation drills.

However, if you have a plant with flammable chemicals, the risk mitigation will include additional systems to minimize the risk. In the same way you must have baseline security controls to mitigate “normal” cyber risks, but more stringent controls for administrative accounts or Domain Controllers.

When calculating the potential monetary damage to your business don’t forget to include operational costs (time and effort to restore systems), perhaps the cost of the ransom itself if that’s the attacks and you do decide to pay, but also fines for non-compliance with regulations.

There’s the cost of loss of clients or potential new sales that won’t be realised, and the overall loss of trust which can be hard to quantify.

The plan is only version 1.0 once you have it in place – it’ll require continuous maintenance (quarterly reviews?) as vendors and suppliers change, IT systems are updated and changed, regulations are altered and the security landscape itself changes (daily).

Remember that there will be some risks that you can’t fully mitigate, at least not without investments far beyond the actual business value of the vulnerable assets, and these risks must be documented and accepted.