Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

Defense strategies for ransomware

By Maria Henriquez
ransomware-freepik1170x658.jpg
January 20, 2022

Ransomware has become all too common, with companies such as JBS USA, Colonial Pipeline, Kaseya, Brenntag, CNA Financial suffering ransomware attacks that echoed in the industry about the impact these attacks can have.

In 2021, there was a ransomware attack every 11 seconds, said Barry Yuan, Security Technical Solutions Architect at Cisco. “It was the most disruptive year to date, with the cost of ransomware totaling $20 billion. On average, it costs each victim up to 2 million to recover from an attack,” Yuan said in a session at the inaugural NSF Information Security Symposium: Compliance vs. Attack. The Symposium brought together world-class experts in data security to share valuable lessons learned to reduce cybersecurity threats. 

Acer’s ransomware attack, in which REvil ransomware operators demanded $50 million extortion, was one of the most impactful attacks, Yuan explained. “There were healthcare, government entities, universities, even security and cyber insurance companies, and all types of businesses, impacted by ransomware, demonstrating that these attacks are increasingly profitable.”

Defense Strategy for Ransomware

Yuan described the following defense strategies, key considerations and best practices cybersecurity leaders should have in place in order to protect or minimize the potential damage of ransomware attacks:

Backups

  • Backup recovery is the last line of defense
  • Key to avoid ransom
  • Critical for recovering with minimal data loss/ and or service interruption

Cyber insurance

  • Important to protect the business but not a defense mechanism
  • Insurance only pays if you are compliant
  • Insurance organizations require you to have a mature security program in place
  • Having a strong security investment can reduce insurance costs

Backups and cyber insurance aren’t proactive, but reactive measures, Yuan said. “Businesses cannot solely rely on backups and insurance, but they are still important to have.” In addition, Yuan offered the following proactive measures, which can help organizations avoid threats, and summarized them into different layers:

  1. Web Security, including email, web security and denial of service. Emails are the number one threat vector. “There are trillions of scams and phishing every year, so we can all agree that email security is a must-have for organizations. Our systems are only as strong as the weakest link, and the weakest link is always people who get tricked into clicking. Therefore, people influence security more than technology and policy.” To offset the threats, it’s important to have adequate awareness and training for employees. 
  2. Security monitoring. Visibility is key, Yuan said. “Many organizations suffer from lack of visibility,” he says. “Be aware of all entities in your network and have a baseline of what is normal. Having visibility and powerful analytics on top of it can help IT, and cybersecurity staff save time.”
  3. Segmentation, an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This includes basic network hygiene, zero trust, multi-factor authentication, and more, and can help improve security and performance, Yuan said. 

All content from the Symposium will be available for on-demand viewing, beginning Monday, January 24, 2022. For more information, please visit www.nsf.org.

KEYWORDS: cyber insurance cyber security ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • hands pull rope

    Revisiting de-escalation strategies for better safety and security

    See More
  • incident-response-freepik1170x658v6.jpg

    A 3-step approach to cyber defense: Before, during and after a ransomware attack

    See More
  • ransomware-enews

    A Good Backup Strategy: Your Best Defense Against Ransomware

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing