Corvus Risk Insights Index

Ransomware Trends & Cyber Readiness

Q1 2022 Edition

Jason Rebholz

Chief Information Security Officer

A Note From Our CISO:

Welcome to the second edition of the Corvus Risk Insights Index, where we provide an in-depth look at cybersecurity — the market, landscape, and where we see trends moving. “Checkmate” is the closing term used in a game of chess to indicate a winner and a loser. While chess has a clearly defined start, middle, and end — where players leverage a static set of rules to build their strategy — cybersecurity, unfortunately, does not have that luxury. The security “chess board” is an ever-shifting landscape with rules that can change on a daily basis. Some days, the malicious actors have the advantage, forcing defenders to choose their moves wisely with the pieces they have. Other days, the defenders hold the advantage — until the next surprise move from the attackers. The game of cybersecurity is infinite, always changing, and always growing in complexity. In 2021, attackers had the first advantage. Significant zero days like Proxy Logon and ProxyShell, which affected Microsoft Exchange servers, and Log4Shell, which impacted Log4j, the popular Java-based logging package, caused a flurry of activity from defenders to patch systems before threat actors gained too much ground. Ransomware attacks crossed from the digital world into the physical world: the attack against Colonial Pipeline resulted in panic and gas shortages, while the attack on JBS Foods impacted an already strained supply chain. Third-party risk garnered increased attention with attacks against Kaseya software and Kronos, highlighting the systemic risk of one vulnerability or incident. The increase in media coverage has helped bring these attack vectors to the forefront — pulling together resources, even across countries, in an effort to mitigate future attacks. Defenders shared best practices and consolidated resources to support a more rapid global response — once again shifting the advantage back to the defenders. Which brings me to a key point: because the security threat landscape is ever-changing, it cannot be "won," as much as we might wish it. The goal is not to deliver a final move to trap your opponent — rather, it is a game of indefinite survival. There is no checkmate. Security is about mitigating risk and reducing the severity and downstream effects of an attack. It is about staying on top of emerging threats to minimize the gap between evolving attack vectors and implementing appropriate defenses. As technology advances, so too must our defense capabilities. We must stay on top of emerging risks, push for strong cyber hygiene, and share information to help keep everyone safe.