What ransomware challenges are on the horizon?
Once we're able to fully automate it, we'll be more worried about Skynet then.
I have a threat hunting team as part of my organization and this has been a classic problem for years, even in previous careers. You find hygiene issues more than you find actual threats. You find things that look worse than they are just because somebody had been doing something stupid for however long.
It's the adversary’s job to figure out what to do next to get what they want, which is how they stay in business. When you think about it through that lens, it's a competition of creative forces: bad actors compete to get an outcome on their side, while we compete to prevent it. Ransomware is not going away. I pay close attention when there's a major strategic shift in what motivates the adversary. Shifts in tactics, techniques and procedures (TTPs) are predictive of what's coming next.
I hold a ransomware round table every month and nobody agrees on what the best solution is, which is probably because there isn't one. It’s more likely that the resolution will be a multi-tiered approach. Solutions from major cybersecurity companies are getting better, but only slightly. They’ll make minor improvements, but they don't solve the problem.
I’ve heard folks debate automation as a solution. Some people think we need automated systems looking at screens rather than SOC analysts, because they do it a lot better than humans can. I agree with that in part, but we can't automate everything because we're not quite there yet. We still have the old threats. We can automate new threats and find those, but we still have to hunt for the old ones that still exist in our environment.