In this 7 Minutes on ITSPmagazine, we discuss the dilemma of ransom payments, revealing why 78% of organizations opt to pay, and examine the role of Board support in these decisions. We also delve into the long-term effects of ransomware attacks and explore strategies to prevent future incidents.
Semperis, a pioneer in identity-driven cyber resilience, has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks, in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices. Organisations must ensure they have appropriate controls to withstand attacks where possible, but should assume that at some point they will have to recover from a catastrophic outage, and should therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory to recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems.
Now, more than ever, modernised threats require modernised defences that prioritise the most critical asset, the identity platform, which for most organisations is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD. Semperis provides a portfolio of products, including a free tool, Purple Knight, which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for a lack of in-house AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.
The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3w
Learn more about Semperis: https://itspm.ag/semperis-1roo
Note: This story contains promotional content.
Guest: Simon Hodgkinson, Strategic Advisor, Semperis [@SemperisTech]
On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623
Resources
Learn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperis
The Critical Role of Identity in Creating Effective Ransomware Attack Defense and Broader Business Resilience Strategies | 7 Minutes on ITSPmagazine | A Semperis Short Brand Story with Simon Hodgkinson
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] Here we are ready for another seven minutes on ITSPmagazine with a new short brand story. Today I'm joined by Simon Hodgkinson, a strategic advisor at Semperis, the pioneer of identity-driven cyber resilience for cross-cloud and hybrid environments providing threat monitoring, incident response, and disaster recovery solutions for the enterprise directory services.
Welcome, Simon. It's always a great pleasure to chat with you.
Simon Hodgkinson: Hey, delighted to be with you, Sean. Thanks for the opportunity.
Sean Martin: Yeah, good, good stuff. And, uh, even more fun when there's an added bonus of some new research and data to help us understand where we sit with respect to risk management. And, and you get to talk to all kinds of cool people and, and I'm hoping you can shed some light on, uh, some new stats that you've uncovered with the ransomware, uh, report from Semperis.
Um, this is going to be about ransomware rooted in identity. And, uh, it continues to be a thorn in our side ransomware and in [00:01:00] terms of business impact, but also in terms of cost, which includes paying the ransom. And it seems like we were kind of stuck in that world of. So what are, what are some of the things you're seeing and hearing?
Simon Hodgkinson: Yeah, sure. And I mean, the report really elevates the fact that, um, ransomware continues at, uh, at a pace and, uh, and, and really interesting. There's some really interesting facts in the report, kind of, uh, people that were hit by ransoms. 74 percent of those attacked were hit multiple times, and I think that is often not talked about in the in the community.
Um, and also comes back to the the the advice on not. Paying. I mean, um, you know, a lot of the times that organizations have actually paid the ransom. They've been hit multiple times within the same 12 months and sometimes within days of it as well. So, um, you know, there's a big debate in the industry.
Should you pay or shouldn't you? Um, and [00:02:00] we can talk a little bit more about the need for resilience.
Sean Martin: You read my mind because I want to talk about resilience. It even leading up from RSA conference a number of months back, resilience continues to be a topic. And I think it's it's a result of the CIO and the rest of the executive suite, um, Being more cognizant of what cyber risk means and its impact on resilience to the business.
So what are you, what are you hearing in that regard as well?
Simon Hodgkinson: Well, I'm glad you said business resilience, actually, Sean, because I think too many people are still using the language of cyber resilience. Cyber is just a business risk. And actually, what we need to do is educate the executives that actually, this is all about protecting the business outcomes.
So make making sure your organizations are operationally and business resilient. Um, and You know, in order to do that, you kind of need to understand what is the outcome you're delivering as a business. What is the end to end [00:03:00] business process that actually satisfies a delivery of that outcome, whether it's selling fuel to people or, or, or selling goods or banking or what have you.
And, um, in understanding that you can prioritize the things you need to kind of protect the most and an interesting you mentioned identity at the start of this. It's, um, at the core of everybody's digital ecosystem is the identity platform. If the identity platform doesn't exist. A business won't be able to deliver its ultimate outcome, and every business now is really a digital business.
Um, you know, there's not many organizations that don't have a digital ecosystem, and the vast majority of that digital ecosystem runs on the identity platform. And for north, north of 95 percent of the organizations out there, that's like Active Directory, a 25 year old piece of technology. Um, there's not many, uh, many technologies that I've been in the industry longer [00:04:00] than, um, you know, it's, uh, and, uh, and some, uh, sorry, Active Directory's up there.
Sean Martin: It certainly is. And, and it happens to also be at the core of, uh, the ransomware attacks. 'Cause the, the directory holds the access controls and the rights to what people and machines, right. And, and applications these days as well can access and do. So that's a prime target for ransomware.
Simon Hodgkinson: It is the target.
Every, uh, every actor, threat actor, uh, ultimate goal is to own Active Directory because once you own Active Directory, you've got a pass to everywhere in the organization, whether that's to create some kind of destructive event and an availability event, um, such that you can't deliver the technology, for example.
Because the digital ecosystem is down or whether it's from a, uh, data exfiltration perspective, you know, if you can elevate privileges to domain, uh, admin, you've got access to all areas and [00:05:00] therefore you can create the maximum damage, as I said, whether it's data exfiltration or an availability event, like destructive malware or ransomware.
Um, you know, that's, uh, that's what the actors are after.
Sean Martin: And our organizations. I presume a lot of them are, but, uh, do we have a good enough handle? Maybe the reports suggest otherwise that we're not getting a good handle on the connection between identity and ransomware. We're continuing to pay and continuing to get hit multiple times.
How does Semperis, and more specifically the, the Purple Knight offering, which I think we, we spoke about this a while back, how, how does it help organizations identify the risk and, and, and get a handle on ransomware in their, in their aggression?
Simon Hodgkinson: Yeah, well, Purple Knight's a great piece of community software.
Um, it's it's a fantastic piece of software that tells you about your indicators of exposure and your indicators of compromise. It's a it's a one off assessment that will tell [00:06:00] you in really clear language what you need to do to fix those biggest, biggest vulnerabilities. But to answer your question, I don't think people are paying enough attention to that end to end digital ecosystem and how you can recover from it.
So, you know, for most organizations, if they have a ransomware event where they can't recover the systems, they're going to pay the ransomware. Otherwise it's an existential event for them. So it's critical that people have a plan to recover from these events and not pay the ransom. Um, you know, a considerable amount of, uh, people who paid 35 percent of victims who paid the ransom, um, didn't receive the decryption keys or they didn't work.
So you have to have a recovery capability as well. And, and Semperis is at the forefront of, um, the backup and recovery of AD in, uh, in with integrity and in an agile mode.
Sean Martin: Recovery equals resilience and, uh, [00:07:00] that impacts the business. And that's seven minutes here on ITSPmagazine.