![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/202110-IG-TalesOfITTerror-1024x1024.png\")
<\/figure>\n\n\n\nTop 3 Scariest Scenarios (and Why They\u2019re So Scary)<\/strong><\/h2>\n\n\n\nSurvey Background<\/h3>\n\n\n\nFirst, to give you a better picture of who we talked to and how they answered, we\u2019ll briefly cover our survey methods.<\/p>\n\n\n\n
JumpCloud conducted this survey in October 2021 via Propeller Insights with 509 US and 503 UK respondents. In terms of office setup, 40.6% of respondents work in the office full time, 32.5% work fully remote and 30% work in a hybrid-remote environment.<\/p>\n\n\n\n
Among many other questions about their experience as an IT professional, we presented respondents with 9 different IT scenarios and asked them to rate them on a scale of most scary to least scary. The overall scores went from a not-so-frightening score \u2014 around 3,000 \u2014 all the way to a truly terrifying 6,500. Respondents\u2019 top IT fears were overwhelmingly listed as security breaches, hacker attacks, and ransomware attacks. <\/strong><\/p>\n\n\n\n
The rundown of all presented scenarios and their scores is as follows: <\/p>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/202110-IG-TalesOfITTerror-SpectrumChart.png\")
<\/figure><\/div>\n\n\n\n- Security breaches: 6,381<\/em><\/li>
- Hacker attacks: 6,336<\/em><\/li>
- Ransomware attacks: 6,240<\/em><\/li>
- Cloud service outage: 5,071<\/em><\/li>
- ISP or CDN outage: 4,728<\/em><\/li>
- A down server: 4,641<\/em><\/li>
- Your device going down: 3,622<\/em><\/li>
- The boss\u2019s device going down: 3,571<\/em><\/li>
- A lost mobile device: 3,448<\/em><\/li><\/ol>\n\n\n\n
In addition, when asked whether they felt overwhelmed at work, only 13.4% respondents said no, and 32.1% answered neutrally. That left 54.5% of respondents reporting that they felt somewhat or very overwhelmed at work.<\/strong> This sets the scene of high-pressured environments where IT professionals are working diligently to fend off dangerous \u2014 and, often, likely \u2014 threats lurking around the corner. <\/p>\n\n\n\n
Because the top three threat scenarios far outranked the rest as the scariest, let\u2019s dive into those three scenarios, including what makes them so serious and how to defend against them. <\/p>\n\n\n\n
\n \n ![\"JumpCloud\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/10\/202110-IG-TalesOfITTerror-aspect-ratio-160-110.png\")
\n <\/div>\n \n \n Tales of IT Terror <\/p>\n
\n Find out what spooks IT professionals the most in this 2021 survey infographic. <\/p>\n <\/div>\n
\n Download Now<\/a>\n <\/div>\n<\/div>\n\n\n\n\n1. Security Breaches<\/strong><\/h3>\n\n\n\nSecurity breaches topped the list of scariest scenarios for respondents \u2014 and for good reason. As of September 30, 2021, this year\u2019s data breaches had already surpassed the total number of breaches in 2020 by 17%<\/a>. <\/p>\n\n\n\n
Why So Serious? <\/h4>\n\n\n\nSecurity breaches can encompass foul play as well as human error, which makes them doubly scary and particularly difficult to protect against. Effectively defending against security breaches requires a holistic approach that addresses employee security best practices, implements the right security solutions, adequately equips IT teams, and constantly looks for and addresses vulnerabilities. <\/p>\n\n\n\n
Notably, while malicious attacks account for many security breaches, the vast majority \u2014 88% of them<\/a> \u2014 are caused by human error. And the consequences can be severe: one respondent reported that this year, they lost \u00a3500,000 in a hack that was executed when an employee clicked on a malicious link. And this is actually a bit lower<\/em> than the average cost of a data breach, which hit $4.24 million<\/a> this year.<\/p>\n\n\n\n
Building Your Defense: Don\u2019t Go in the Basement<\/h4>\n\n\n\n![\"Creepy](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/the-blowup-SARBImJK0Eo-unsplash-216x300.jpg\")
<\/figure><\/div>\n\n\n\nMost of us have seen enough scary movies to know (and the less horror-savvy have heard through the grapevine) that when there\u2019s something fishy going on, don\u2019t go in the basement. <\/em>And yet, characters continue to go into dark basements, creaky attics, and decidedly haunted cornfields. Why?<\/p>\n\n\n\n
What seems obvious to the expert often isn\u2019t to a lay person in the thick of things. IT professionals could probably recite the signs of phishing emails until they\u2019re blue in the face, and yet, phishing remained a recurring theme in our respondents\u2019 scariest IT encounters. <\/p>\n\n\n\n
Non-IT employees don\u2019t spend their days thinking about cybersecurity; they spend their days thinking about their role (and their life outside of it). Thus, IT teams need to focus heavily on enabling employees and communicating with them frequently, both to relay best practices and address issues as they arise. <\/p>\n\n\n\n
Fortunately, many companies have reportedly been doing their due diligence in this regard: the JumpCloud survey found that 81.8% of respondents\u2019 companies regularly communicate best security practices with employees. <\/p>\n\n\n\n
We\u2019ll address defending against the more malicious security breaches next.<\/p>\n\n\n\n
2. Hacker Attacks<\/strong><\/h3>\n\n\n\nHacker attacks were ranked the second scariest IT scenario. These attacks fall under a more specific and sinister type of security breach. While hacker attacks can<\/em> prey off of human error, they can also occur even when you and your team do everything right. Hacker attacks can\u2019t<\/em>, however, occur without the cybercrime component. So, what makes cybercrime so serious?<\/p>\n\n\n\n
Why So Serious? <\/h4>\n\n\n\nJust as you and your colleagues likely work to stay on top of IT trends, learn and adopt new technologies, develop new methods for accomplishing goals, and hone your skills on the job, so too do cybercriminals. In fact, cybercrime organizations often operate just like legitimate businesses, which means their employees (a.k.a. malicious hackers) are studying, learning, and growing their skills too. <\/p>\n\n\n\n
What\u2019s more, the coronavirus pandemic drove many companies to shift to remote work quickly. Cybercriminals have been studying these newly remote environments and learned to spot and exploit common vulnerabilities. For our respondents, where 32.5% worked fully remote and 30% worked in a hybrid remote environment, this poses some serious risks.<\/p>\n\n\n\n
Building Your Defense: Outsmart the Attacker<\/h4>\n\n\n\n![\"Magnifying](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/agence-olloweb-d9ILr-dbEdg-unsplash-300x199.jpg\")
<\/figure><\/div>\n\n\n\nSecuring your environment against hacking takes more than your traditional antivirus software and firewall (73% of hackers<\/a> say they\u2019re irrelevant). Because hacking is now so strategic and skillful, the only way to protect against it is to be one step ahead of the attackers. And that takes holistic, strategic, and up-to-date security.<\/p>\n\n\n\n
Implementing security that can outsmart hackers takes significant investments in time, effort, and money, and spans everything from network security solutions to identity and device management. And while the nature of holistic, strategic security means there\u2019s no one-size-fits-all template, there is an approach that you can \u2014 and should \u2014 implement and use as a guide: Zero Trust.<\/p>\n\n\n\n
Building Your Defense: Trust No One<\/h4>\n\n\n\n![\"Person](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/pexels-faisal-rahman-3820281-200x300.jpg\")
<\/figure><\/div>\n\n\n\nZero Trust security<\/a> is a security approach that was developed in response to perimeter security\u2019s decreasing efficacy in an increasingly cloud-based, SaaS-powered business world. Just as traditional antivirus software and firewalls can no longer be trusted, username\/password-based logins shouldn\u2019t be the only barrier to network and resource access. <\/p>\n\n\n\n
Zero Trust security operates by the mantra, trust nothing; verify everything,<\/em> and prescribes that no one should be authenticated or authorized without being verified securely. This goes for more than a user\u2019s initial login; users must verify themselves separately to access any corporate resource. In addition, Zero Trust security defines secure verification as more than just a password. Rather, it prescribes multi-factor authentication (MFA) everywhere<\/a>. <\/p>\n\n\n\n
Read more about securing your remote or hybrid environment with Zero Trust in our blog, Zero Trust Security for Digital Workspaces<\/a>. <\/p>\n\n\n\n
3. Ransomware Attacks<\/strong><\/h3>\n\n\n\nNot far behind hacking attacks or security breaches, ransomware ranked third most terrifying in terms of IT scenarios. Ransomware is a specific type of hacker attack that blocks access to critical assets and holds them for ransom, claiming they will return them in exchange for a sum of money.<\/p>\n\n\n\n
Everything about ransomware is sinister and scary, but a few factors make them particularly serious threats.<\/p>\n\n\n\n
Why So Serious?<\/h4>\n\n\n\n
First off, ransomware demands are usually high \u2014 in the first half of 2021, the average ransomware demand was $5.3 million<\/a>. And that\u2019s up 518% from last year, which averaged $847,000. <\/p>\n\n\n\n
While these big sums look like they\u2019re fit for big enterprises, that\u2019s not always the case, and small businesses aren\u2019t off the hook. Ransomware attackers go after everything from entire cities (like Baltimore<\/a>) to small businesses, which make up more than half<\/a> of ransomware victims. Over 70 of the survey respondents mentioned ransomware attacks or attempts when asked about their scariest IT experience in 2021 \u2014 one of which had ransomware come up on the company president\u2019s computer. Another reported a ransomware attack on their supply chain, causing national food and water shortages.<\/p>\n\n\n\n
But wait, we\u2019re not done scaring you yet.<\/p>\n\n\n\n
Without black market ransom funds powering your security teams, how can you compete? <\/p>\n\n\n\n
Building Your Defense: Let\u2019s Play a Game<\/h4>\n\n\n\n![\"Person](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/ryoji-iwata-5siQcvSxCP8-unsplash-300x200.jpg\")
<\/figure><\/div>\n\n\n\nThe defenses outlined above can help businesses defend against ransomware. However, focusing on preventative measures without also planning response and mitigation measures in case of an incident is irresponsible. To fully defend your organization against ransomware, you\u2019ll also need to play out what would happen if your organization were hit with an attack. You can do this with table-top exercises (TTX). <\/p>\n\n\n\n
TTX is all too often overlooked, and it can be hard to gain traction for implementing TTX in an organization. However, table-top exercises are vital to preparing for attacks like ransomware where you need to be able to react quickly and correctly. <\/p>\n\n\n\n
Table-top exercises are not unlike role-playing games: a facilitator lays out a scenario (i.e., your organization is hit with ransomware), and participants are given free rein to react how they would in a real situation. These exercises help answer many questions and iron out kinks you may not have thought of, like: <\/p>\n\n\n\n
- Should you pay the ransom? (Experts usually advise against it). <\/li>
- If the ransom note appears on a non-IT person\u2019s computer, would they know to report it, and to whom? <\/li>
- If the ransomware limits device or application usage for remote workers, how will they communicate with one another? <\/li><\/ul>\n\n\n\n
In addition to solidifying response and mitigation plans, table-top exercises give employees (not just the IT department) exposure to incident response proceedings to familiarize them with what a scenario might look like, how it might unfold, and their role as well as others\u2019 roles to streamline communications during the process. <\/p>\n\n\n\n
Because TTX can be hard to implement in your organization and the first time can be intimidating, we\u2019ve written a blog to help you plan your first table-top exercise<\/a>, including overcoming common obstacles, planning the scenario, and facilitating the exercise.<\/p>\n\n\n\n
Why Weren\u2019t the Rest Very Scary?<\/strong><\/h2>\n\n\n\nThe rest of the scenarios presented were ranked far less scary than the top three above (a cloud service outage, an ISP or CDN outage, a down server, the respondent\u2019s device going down, the boss\u2019s device going down, and a lost mobile device). Why is that?<\/p>\n\n\n\n
Much like an old slasher flick you\u2019ve seen one too many times, these scenarios reflect problems that have become so commonplace that we know what to expect and how to handle them. Cloud-based infrastructure, SaaS services and remote work best practices arm businesses with workarounds, safeguards, and solutions to many of these issues. <\/p>\n\n\n\n
For one, many businesses have begun moving their infrastructure to the cloud, which takes their reliance on hardware off the table and leaves issues like down servers, personal computers, and mobile devices at the bottom of the list. <\/p>\n\n\n\n
This heavy reliance on cloud-based infrastructure explains cloud service outages coming in as the fourth-scariest scenario in the survey. However, it earned a much lower overall \u201cscariness\u201d score. Like the hardware issues listed, we\u2019ve seen and learned how to handle cloud service outages: while they\u2019re scary and inconvenient, we\u2019ve learned that they usually right themselves. Most cloud service providers are trusted global companies that have so many security and backup measures in place that it would be extremely rare for a cloud provider\u2019s outage to cause permanent damage to a company using their services. <\/p>\n\n\n\n
Similarly, while ISP and CDN outages can cause detrimental downtime, experience has taught us that the effects are rarely permanent. Just like cloud providers, ISPs and CDNs usually have extensive backups and security in place. Additionally, organizations that power mobile work can work around internet outages by allowing employees to work elsewhere and use a different network during the outage. <\/p>\n\n\n\n
How Organizations Are Responding<\/strong><\/h2>\n\n\n\nThe discrepancy in rankings between the top three scary scenarios and the rest of the scenarios presented reflects a continuation in business\u2019 shift towards cloud-based and SaaS solutions. It also indicates a dwindling reliance on hardware and legacy equipment.<\/p>\n\n\n\n
Fortunately, the survey showed that organizations are rising to meet the challenges the top threats pose. The vast majority of organizations have increased their IT budgets over the last year and plan to do so again next year: over 80% of respondents said remote work has increased their focus on security, and 75.1% said their organizations increased their IT budgets in the past year; only 6.2% said their budget decreased. 77.3% of respondents expect their budgets to increase next year. <\/p>\n\n\n\n
In the past three months, organizations have spent money on:<\/p>\n\n\n\n
- Cloud services (66.7%)<\/li>
- Security technologies (64%)<\/li>
- Collaboration tools\/software\/apps (58.5%)<\/li>
- Remote management technologies (56.9%)<\/li>
- Mobile technologies (49.8%)<\/li><\/ul>\n\n\n\n
These spending habits further suggest that organizations understand the importance of cloud technology as businesses move away from legacy equipment and toward a mobile, work-from-anywhere world. <\/p>\n\n\n\n
Shoring Up Your Defense: Understanding the Cloud Security Risk Landscape<\/strong><\/h2>\n\n\n\n![\"Hooded](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/bermix-studio-wJ7atxTNeQE-unsplash-239x300.jpg\")
<\/figure><\/div>\n\n\n\nIn the era of the cloud, cybercriminals are proving scarier than outages and hardware issues. In short, if you have a black hoodie lying around, you\u2019ve got the makings for the scariest costume at your Halloween parties this weekend (we hear this is the hacker uniform).<\/p>\n\n\n\n
While we\u2019ve provided a few defenses to get you started, your security shouldn\u2019t end there. Security in today\u2019s cloud-based and remote-enabled environment needs to be holistic, robust, and reliable. But it\u2019s impossible to build an adequate defense without first understanding what you\u2019re up against. Recently, our CISO sat down with VMware\u2019s Head of Cybersecurity Strategy to discuss cloud security risk in detail. Watch the full webinar<\/a> to learn from the experts about today\u2019s cloud security risk landscape and how to navigate it.<\/p>\n","protected":false},"excerpt":{"rendered":"
First, to give you a better picture of who we talked to and how they answered, we\u2019ll briefly cover our survey methods.<\/p>\n\n\n\n
JumpCloud conducted this survey in October 2021 via Propeller Insights with 509 US and 503 UK respondents. In terms of office setup, 40.6% of respondents work in the office full time, 32.5% work fully remote and 30% work in a hybrid-remote environment.<\/p>\n\n\n\n
Among many other questions about their experience as an IT professional, we presented respondents with 9 different IT scenarios and asked them to rate them on a scale of most scary to least scary. The overall scores went from a not-so-frightening score \u2014 around 3,000 \u2014 all the way to a truly terrifying 6,500. Respondents\u2019 top IT fears were overwhelmingly listed as security breaches, hacker attacks, and ransomware attacks. <\/strong><\/p>\n\n\n\n
The rundown of all presented scenarios and their scores is as follows: <\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n- Security breaches: 6,381<\/em><\/li>
- Hacker attacks: 6,336<\/em><\/li>
- Ransomware attacks: 6,240<\/em><\/li>
- Cloud service outage: 5,071<\/em><\/li>
- ISP or CDN outage: 4,728<\/em><\/li>
- A down server: 4,641<\/em><\/li>
- Your device going down: 3,622<\/em><\/li>
- The boss\u2019s device going down: 3,571<\/em><\/li>
- A lost mobile device: 3,448<\/em><\/li><\/ol>\n\n\n\n
In addition, when asked whether they felt overwhelmed at work, only 13.4% respondents said no, and 32.1% answered neutrally. That left 54.5% of respondents reporting that they felt somewhat or very overwhelmed at work.<\/strong> This sets the scene of high-pressured environments where IT professionals are working diligently to fend off dangerous \u2014 and, often, likely \u2014 threats lurking around the corner. <\/p>\n\n\n\n
Because the top three threat scenarios far outranked the rest as the scariest, let\u2019s dive into those three scenarios, including what makes them so serious and how to defend against them. <\/p>\n\n\n\n
\n\n\n <\/div>\n \n\n Tales of IT Terror <\/p>\n
\n Find out what spooks IT professionals the most in this 2021 survey infographic. <\/p>\n <\/div>\n
\n Download Now<\/a>\n <\/div>\n<\/div>\n\n\n\n\n1. Security Breaches<\/strong><\/h3>\n\n\n\n
Security breaches topped the list of scariest scenarios for respondents \u2014 and for good reason. As of September 30, 2021, this year\u2019s data breaches had already surpassed the total number of breaches in 2020 by 17%<\/a>. <\/p>\n\n\n\n
Why So Serious? <\/h4>\n\n\n\n
Security breaches can encompass foul play as well as human error, which makes them doubly scary and particularly difficult to protect against. Effectively defending against security breaches requires a holistic approach that addresses employee security best practices, implements the right security solutions, adequately equips IT teams, and constantly looks for and addresses vulnerabilities. <\/p>\n\n\n\n
Notably, while malicious attacks account for many security breaches, the vast majority \u2014 88% of them<\/a> \u2014 are caused by human error. And the consequences can be severe: one respondent reported that this year, they lost \u00a3500,000 in a hack that was executed when an employee clicked on a malicious link. And this is actually a bit lower<\/em> than the average cost of a data breach, which hit $4.24 million<\/a> this year.<\/p>\n\n\n\n
Building Your Defense: Don\u2019t Go in the Basement<\/h4>\n\n\n\n
<\/figure><\/div>\n\n\n\nMost of us have seen enough scary movies to know (and the less horror-savvy have heard through the grapevine) that when there\u2019s something fishy going on, don\u2019t go in the basement. <\/em>And yet, characters continue to go into dark basements, creaky attics, and decidedly haunted cornfields. Why?<\/p>\n\n\n\n
What seems obvious to the expert often isn\u2019t to a lay person in the thick of things. IT professionals could probably recite the signs of phishing emails until they\u2019re blue in the face, and yet, phishing remained a recurring theme in our respondents\u2019 scariest IT encounters. <\/p>\n\n\n\n
Non-IT employees don\u2019t spend their days thinking about cybersecurity; they spend their days thinking about their role (and their life outside of it). Thus, IT teams need to focus heavily on enabling employees and communicating with them frequently, both to relay best practices and address issues as they arise. <\/p>\n\n\n\n
Fortunately, many companies have reportedly been doing their due diligence in this regard: the JumpCloud survey found that 81.8% of respondents\u2019 companies regularly communicate best security practices with employees. <\/p>\n\n\n\n
We\u2019ll address defending against the more malicious security breaches next.<\/p>\n\n\n\n
2. Hacker Attacks<\/strong><\/h3>\n\n\n\n
Hacker attacks were ranked the second scariest IT scenario. These attacks fall under a more specific and sinister type of security breach. While hacker attacks can<\/em> prey off of human error, they can also occur even when you and your team do everything right. Hacker attacks can\u2019t<\/em>, however, occur without the cybercrime component. So, what makes cybercrime so serious?<\/p>\n\n\n\n
Why So Serious? <\/h4>\n\n\n\n
Just as you and your colleagues likely work to stay on top of IT trends, learn and adopt new technologies, develop new methods for accomplishing goals, and hone your skills on the job, so too do cybercriminals. In fact, cybercrime organizations often operate just like legitimate businesses, which means their employees (a.k.a. malicious hackers) are studying, learning, and growing their skills too. <\/p>\n\n\n\n
What\u2019s more, the coronavirus pandemic drove many companies to shift to remote work quickly. Cybercriminals have been studying these newly remote environments and learned to spot and exploit common vulnerabilities. For our respondents, where 32.5% worked fully remote and 30% worked in a hybrid remote environment, this poses some serious risks.<\/p>\n\n\n\n
Building Your Defense: Outsmart the Attacker<\/h4>\n\n\n\n
<\/figure><\/div>\n\n\n\nSecuring your environment against hacking takes more than your traditional antivirus software and firewall (73% of hackers<\/a> say they\u2019re irrelevant). Because hacking is now so strategic and skillful, the only way to protect against it is to be one step ahead of the attackers. And that takes holistic, strategic, and up-to-date security.<\/p>\n\n\n\n
Implementing security that can outsmart hackers takes significant investments in time, effort, and money, and spans everything from network security solutions to identity and device management. And while the nature of holistic, strategic security means there\u2019s no one-size-fits-all template, there is an approach that you can \u2014 and should \u2014 implement and use as a guide: Zero Trust.<\/p>\n\n\n\n
Building Your Defense: Trust No One<\/h4>\n\n\n\n
<\/figure><\/div>\n\n\n\nZero Trust security<\/a> is a security approach that was developed in response to perimeter security\u2019s decreasing efficacy in an increasingly cloud-based, SaaS-powered business world. Just as traditional antivirus software and firewalls can no longer be trusted, username\/password-based logins shouldn\u2019t be the only barrier to network and resource access. <\/p>\n\n\n\n
Zero Trust security operates by the mantra, trust nothing; verify everything,<\/em> and prescribes that no one should be authenticated or authorized without being verified securely. This goes for more than a user\u2019s initial login; users must verify themselves separately to access any corporate resource. In addition, Zero Trust security defines secure verification as more than just a password. Rather, it prescribes multi-factor authentication (MFA) everywhere<\/a>. <\/p>\n\n\n\n
Read more about securing your remote or hybrid environment with Zero Trust in our blog, Zero Trust Security for Digital Workspaces<\/a>. <\/p>\n\n\n\n
3. Ransomware Attacks<\/strong><\/h3>\n\n\n\n
Not far behind hacking attacks or security breaches, ransomware ranked third most terrifying in terms of IT scenarios. Ransomware is a specific type of hacker attack that blocks access to critical assets and holds them for ransom, claiming they will return them in exchange for a sum of money.<\/p>\n\n\n\n
Everything about ransomware is sinister and scary, but a few factors make them particularly serious threats.<\/p>\n\n\n\n
Why So Serious?<\/h4>\n\n\n\n
First off, ransomware demands are usually high \u2014 in the first half of 2021, the average ransomware demand was $5.3 million<\/a>. And that\u2019s up 518% from last year, which averaged $847,000. <\/p>\n\n\n\n
While these big sums look like they\u2019re fit for big enterprises, that\u2019s not always the case, and small businesses aren\u2019t off the hook. Ransomware attackers go after everything from entire cities (like Baltimore<\/a>) to small businesses, which make up more than half<\/a> of ransomware victims. Over 70 of the survey respondents mentioned ransomware attacks or attempts when asked about their scariest IT experience in 2021 \u2014 one of which had ransomware come up on the company president\u2019s computer. Another reported a ransomware attack on their supply chain, causing national food and water shortages.<\/p>\n\n\n\n
But wait, we\u2019re not done scaring you yet.<\/p>\n\n\n\n
Without black market ransom funds powering your security teams, how can you compete? <\/p>\n\n\n\n
Building Your Defense: Let\u2019s Play a Game<\/h4>\n\n\n\n
<\/figure><\/div>\n\n\n\nThe defenses outlined above can help businesses defend against ransomware. However, focusing on preventative measures without also planning response and mitigation measures in case of an incident is irresponsible. To fully defend your organization against ransomware, you\u2019ll also need to play out what would happen if your organization were hit with an attack. You can do this with table-top exercises (TTX). <\/p>\n\n\n\n
TTX is all too often overlooked, and it can be hard to gain traction for implementing TTX in an organization. However, table-top exercises are vital to preparing for attacks like ransomware where you need to be able to react quickly and correctly. <\/p>\n\n\n\n
Table-top exercises are not unlike role-playing games: a facilitator lays out a scenario (i.e., your organization is hit with ransomware), and participants are given free rein to react how they would in a real situation. These exercises help answer many questions and iron out kinks you may not have thought of, like: <\/p>\n\n\n\n
- Should you pay the ransom? (Experts usually advise against it). <\/li>
- If the ransom note appears on a non-IT person\u2019s computer, would they know to report it, and to whom? <\/li>
- If the ransomware limits device or application usage for remote workers, how will they communicate with one another? <\/li><\/ul>\n\n\n\n
In addition to solidifying response and mitigation plans, table-top exercises give employees (not just the IT department) exposure to incident response proceedings to familiarize them with what a scenario might look like, how it might unfold, and their role as well as others\u2019 roles to streamline communications during the process. <\/p>\n\n\n\n
Because TTX can be hard to implement in your organization and the first time can be intimidating, we\u2019ve written a blog to help you plan your first table-top exercise<\/a>, including overcoming common obstacles, planning the scenario, and facilitating the exercise.<\/p>\n\n\n\n
Why Weren\u2019t the Rest Very Scary?<\/strong><\/h2>\n\n\n\n
The rest of the scenarios presented were ranked far less scary than the top three above (a cloud service outage, an ISP or CDN outage, a down server, the respondent\u2019s device going down, the boss\u2019s device going down, and a lost mobile device). Why is that?<\/p>\n\n\n\n
Much like an old slasher flick you\u2019ve seen one too many times, these scenarios reflect problems that have become so commonplace that we know what to expect and how to handle them. Cloud-based infrastructure, SaaS services and remote work best practices arm businesses with workarounds, safeguards, and solutions to many of these issues. <\/p>\n\n\n\n
For one, many businesses have begun moving their infrastructure to the cloud, which takes their reliance on hardware off the table and leaves issues like down servers, personal computers, and mobile devices at the bottom of the list. <\/p>\n\n\n\n
This heavy reliance on cloud-based infrastructure explains cloud service outages coming in as the fourth-scariest scenario in the survey. However, it earned a much lower overall \u201cscariness\u201d score. Like the hardware issues listed, we\u2019ve seen and learned how to handle cloud service outages: while they\u2019re scary and inconvenient, we\u2019ve learned that they usually right themselves. Most cloud service providers are trusted global companies that have so many security and backup measures in place that it would be extremely rare for a cloud provider\u2019s outage to cause permanent damage to a company using their services. <\/p>\n\n\n\n
Similarly, while ISP and CDN outages can cause detrimental downtime, experience has taught us that the effects are rarely permanent. Just like cloud providers, ISPs and CDNs usually have extensive backups and security in place. Additionally, organizations that power mobile work can work around internet outages by allowing employees to work elsewhere and use a different network during the outage. <\/p>\n\n\n\n
How Organizations Are Responding<\/strong><\/h2>\n\n\n\n
The discrepancy in rankings between the top three scary scenarios and the rest of the scenarios presented reflects a continuation in business\u2019 shift towards cloud-based and SaaS solutions. It also indicates a dwindling reliance on hardware and legacy equipment.<\/p>\n\n\n\n
Fortunately, the survey showed that organizations are rising to meet the challenges the top threats pose. The vast majority of organizations have increased their IT budgets over the last year and plan to do so again next year: over 80% of respondents said remote work has increased their focus on security, and 75.1% said their organizations increased their IT budgets in the past year; only 6.2% said their budget decreased. 77.3% of respondents expect their budgets to increase next year. <\/p>\n\n\n\n
In the past three months, organizations have spent money on:<\/p>\n\n\n\n
- Cloud services (66.7%)<\/li>
- Security technologies (64%)<\/li>
- Collaboration tools\/software\/apps (58.5%)<\/li>
- Remote management technologies (56.9%)<\/li>
- Mobile technologies (49.8%)<\/li><\/ul>\n\n\n\n
These spending habits further suggest that organizations understand the importance of cloud technology as businesses move away from legacy equipment and toward a mobile, work-from-anywhere world. <\/p>\n\n\n\n
Shoring Up Your Defense: Understanding the Cloud Security Risk Landscape<\/strong><\/h2>\n\n\n\n
<\/figure><\/div>\n\n\n\nIn the era of the cloud, cybercriminals are proving scarier than outages and hardware issues. In short, if you have a black hoodie lying around, you\u2019ve got the makings for the scariest costume at your Halloween parties this weekend (we hear this is the hacker uniform).<\/p>\n\n\n\n
While we\u2019ve provided a few defenses to get you started, your security shouldn\u2019t end there. Security in today\u2019s cloud-based and remote-enabled environment needs to be holistic, robust, and reliable. But it\u2019s impossible to build an adequate defense without first understanding what you\u2019re up against. Recently, our CISO sat down with VMware\u2019s Head of Cybersecurity Strategy to discuss cloud security risk in detail. Watch the full webinar<\/a> to learn from the experts about today\u2019s cloud security risk landscape and how to navigate it.<\/p>\n","protected":false},"excerpt":{"rendered":"
![Download Now<\/a>\n <\/div>\n<\/div>\n\n\n\n\n](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2021\/10\/202110-IG-TalesOfITTerror-1.png\"){kind=link}