Associate Fellow, Saïd Business School, University of Oxford
In 2020, the number of companies that were victims of ransomware grew seven-fold. According to cybersecurity company Trustwave, those types of attacks are now the most common security incident.
With the onset of COVID-19, the majority of companies quickly pivoted to allow remote working. But distributed infrastructure and a decentralised workforce have added new vulnerabilities to company networks. It turns out that hackers like working from home as much as employees do.
Ransomware attacks run the gamut of targets. ZDNet reports that they’ve overtaken credit card theft as the top form of cyber crime. Banks are more vulnerable than ever. Larger companies face long downtimes after being hit with a ransomware incident – often taking weeks to restore systems.
Ransomware attacks will continue to threaten companies and executives – with staggering implications for operations, critical systems and even long-term company valuations. What can organisations, especially banks, do to prevent this and reduce the business continuity risks that come with ransomware attacks?
Training changes everything
Every business leader needs models and frameworks to be able to make sensible decisions. According to Wombat Security, an incremental investment in security training results in a median reduction in the annualised risk of phishing attacks by approximately 50% and a median annual return on investment of about five times.
According to a recent report published by Accenture, organisations that provide higher levels of training find security breaches faster. The best at training found 52% of security breaches in less than 24 hours, compared with only 32% of the rest. The time it takes to resolve a security breach also reflects better training. For leaders who have received training, 65% of all security breaches are fixed within 15 days.
While progress has been made in improving cybersecurity across the ecosystem, the increased complexity, pace, scale and interdependence overwhelm current defences. Companies require new cybersecurity tools as well as an understanding of how to deploy these new solutions. Without interventions and education, it will be difficult for business leaders to maintain integrity and trust in the emerging technology on which future global growth depends.
Choosing the right education
The ability to choose the right cyber security training will determine whether you will develop in your chosen direction and achieve your intended career goals. In addition to understanding the challenges and potential of cyber, the frameworks and vocabulary that enable strategic decision-making and the key competencies required to secure a cyber-resilient future, business leaders must also learn how to work more collaboratively across business functions. It is also important to learn from real-world examples and current industry leaders who have direct experience dealing with ransomware concerns, maintaining business continuity after an attack and managing cyber-risk whilst embracing digital opportunity.