The 2024 State of Ransomware: Key Lessons for TPRM Professionals

RiskRecon by Mastercard

By Kelly White, RiskRecon by Mastercard Founder


Over the last few years, ransomware attacks have escalated both in frequency and the scope of industries affected, and destructive ransomware events showcase how attacks damage other organizations beyond the initial target.

So, how can organizations manage their supply chain risks against cybersecurity threats and ransomware?

After cataloging and studying 1,454 publicly reported destructive ransomware events over eight years, we’ve put together key lessons for third-party risk management (TPRM) professionals.

  • Lesson 1: Do business with organizations that have good cybersecurity hygiene

    Encouragingly, organizations with good cybersecurity hygiene have dramatically lower ransomware and data loss incident rates. Our study shows these firms have an incredible 35 times lower frequency of destructive ransomware events.

    Coveware’s recent report supports our analysis. It highlights that from 2020 to 2023, almost half of the initial attack ingress vectors involved either exploiting unpatched software or unsafe network services.[1] These findings stress the importance of basic cybersecurity hygiene practices.

    Unsurprisingly, organizations with poor security hygiene on their external surfaces provide easy initial entry vectors. They also likely lack the strong internal defenses needed to reduce ransomware risks. Conversely, organizations with rigorous security hygiene on externally observable systems and signals limit the potential entry points available to cybercriminals. They are also more likely to have strong internal defenses.

    Considering this, TPRM professionals should prioritize partners with strong cybersecurity measures to significantly reduce ransomware risks.

  • Lesson 2: Revisit your suppliers’ inherent risk ratings; criminals are targeting every sector

    Ransomware threats are evolving dramatically, reaching beyond the traditional sectors of utilities, healthcare, and national governments. While healthcare companies remain primary targets — accounting for more than 18% of all destructive ransomware events — the range of victims has expanded significantly.

    Now, ransomware affects casinos, hotels, local fire and police departments, agriculture, cruise lines, and even veterinary clinics.

    Instead of evaluating suppliers solely on data or transaction sensitivity, consider which suppliers you depend on operationally. Expanding this focus will fortify your overall cybersecurity defenses.

  • Lesson 3: Ensure that your operationally important suppliers have 24 x 7 security operations

    Criminal efforts are relentless. According to our analysis, nearly half (46%) of all ransomware detonations occur from Friday to Sunday. Organizations typically have fewer cybersecurity and IT professionals available during the weekend, which gives cybercriminals more opportunity to launch an attack before intervention.

    For the same reasons, holidays are a prime window for ransomware attacks. Our analysis found that Veterans' Day had the highest holiday-related breach event frequency, running at 253% above the average.

    Responding to a ransomware event as quickly as possible is vital to limiting damage and speeding up the recovery of systems and operations. Ensure those suppliers you rely on have around-the-clock security operations.

Deeper Insights for TPRM Professionals

In our new white paper, The 2024 State of Ransomware, we dive deeper with two additional critical lessons. Each lesson is thoroughly explored, supported by surprising statistics, and includes actionable advice tailored specifically to the needs of TPRM professionals.
