Ransomware has become all too common, with companies such as JBS USA, Colonial Pipeline, Kaseya, Brenntag, CNA Financial suffering ransomware attacks that echoed in the industry about the impact these attacks can have.

In 2021, there was a ransomware attack every 11 seconds, said Barry Yuan, Security Technical Solutions Architect at Cisco. “It was the most disruptive year to date, with the cost of ransomware totaling $20 billion. On average, it costs each victim up to 2 million to recover from an attack,” Yuan said in a session at the inaugural NSF Information Security Symposium: Compliance vs. Attack. The Symposium brought together world-class experts in data security to share valuable lessons learned to reduce cybersecurity threats. 

Acer’s ransomware attack, in which REvil ransomware operators demanded $50 million extortion, was one of the most impactful attacks, Yuan explained. “There were healthcare, government entities, universities, even security and cyber insurance companies, and all types of businesses, impacted by ransomware, demonstrating that these attacks are increasingly profitable.”

Defense Strategy for Ransomware

Yuan described the following defense strategies, key considerations and best practices cybersecurity leaders should have in place in order to protect or minimize the potential damage of ransomware attacks:


  • Backup recovery is the last line of defense
  • Key to avoid ransom
  • Critical for recovering with minimal data loss/ and or service interruption

Cyber insurance

  • Important to protect the business but not a defense mechanism
  • Insurance only pays if you are compliant
  • Insurance organizations require you to have a mature security program in place
  • Having a strong security investment can reduce insurance costs

Backups and cyber insurance aren’t proactive, but reactive measures, Yuan said. “Businesses cannot solely rely on backups and insurance, but they are still important to have.” In addition, Yuan offered the following proactive measures, which can help organizations avoid threats, and summarized them into different layers:

  1. Web Security, including email, web security and denial of service. Emails are the number one threat vector. “There are trillions of scams and phishing every year, so we can all agree that email security is a must-have for organizations. Our systems are only as strong as the weakest link, and the weakest link is always people who get tricked into clicking. Therefore, people influence security more than technology and policy.” To offset the threats, it’s important to have adequate awareness and training for employees. 
  2. Security monitoring. Visibility is key, Yuan said. “Many organizations suffer from lack of visibility,” he says. “Be aware of all entities in your network and have a baseline of what is normal. Having visibility and powerful analytics on top of it can help IT, and cybersecurity staff save time.”
  3. Segmentation, an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This includes basic network hygiene, zero trust, multi-factor authentication, and more, and can help improve security and performance, Yuan said. 

All content from the Symposium will be available for on-demand viewing, beginning Monday, January 24, 2022. For more information, please visit www.nsf.org.