Where Is Ransomware Most Prevalent?
Fact: Over 50% of ransomware attacks are introduced to networks via internal enterprise or IT networks. Strive’s VP of Cybersecurity & Compliance, Dominick Birolin, CISSP, CISA, NSE3, explains how the best way to prevent ransomware attacks is to have a formal cybersecurity process in place.
I think that ransomware is most prevalent in Industrial Control System environments due to the culture of not having proper cybersecurity controls in place to mitigate against the propagation and the infiltration. You have to remember that over 50% of attacks actually are introduced to networks via your enterprise or IT network, and then they propagate across to the OT ICS boundary.
It used to be that these networks were air gapped, but that’s no longer the case. The need to pull data out of these networks has increased attack vectors that we previously hadn’t seen.
Security is not convenient. You do have to be diligent about the way you approach your defense in depth. Within these networks, the culture is to run lean and to remain operational. This makes it increasingly difficult to apply cybersecurity controls such as patch mitigation, perimeter defense, network segmentation, etc.