Are IT leaders losing the fight against ransomware?


Anonymous Author
It's a never-ending circle of madness, and hopefully somebody is going to get their head around it one of these days. I know as IT and security people, we can do better, and I know we're going to have some solutions out there in the future instead of just being reactive to everything. I attended a virtual conference recently and every session was about ransomware. Every single solution was, "Make sure you have a good backup system." That's part of the solution, but it's not the full thing. What's stopping it? Where's the zero trust? Where's the protection of all your assets? Let's separate everything in VLANs. That's what we did for biotech and pharma companies too. Was that effective? For the most part. But we had million-dollar robots sitting on this particular VLAN, and they're controlled by Windows XP or Windows 7 machines that are dictated by the vendor. You can't upgrade them, you can't put antivirus on them and you can't patch Windows. What do you do in those situations? We had to knock them off the internet and deny them access, but when the vendor technician came in to fix it, they'd stick their USB drive in there and blow up the whole machine. Then we'd be down for three days while they were rebuilding the Windows machine.
1 upvotes
Anonymous Author
We've now mostly moved away from VPN and using dual factor authentication and all the applications, but what worries me the most is the applications and the services that we've built talking to each other. We have a handful of users with VPN access, and those are always the worrisome ones, but those are the folks within IT. We still need to figure out how to secure them. We do our best and as a practice, we stress that everyone does only what they really need to do on those machines using VPN. No personal work can be done on those machines, not even checking personal emails. We’re extra cautious, but the risk is there.
2 upvotes
Anonymous Author
Win or lose here is somewhat grey. At the individual battle level, some battles are won by IT organizations, and some by ransomware entities. But the war continues on and I think it will continue for the foreseeable future. Those ransomware are going to be here for some time. The challenge here is to be a couple of steps ahead of them and have a robust mitigation plan in place if you end up losing in one of those battles.
1 upvotes
Anonymous Author
It's not a single battle that's being fought. At the same time they're trying to defend against ransomware they're also fighting:
- Stakeholder complacency
- Investor aversion
- Decision paralysis
And at the end of it is a regular member of staff who clicks the wrong thing because they don't know any better.
0 upvotes