That means IT security teams should look to trusted third parties to provide the deep expertise and focus instead on policies, patching and designing a more secure infrastructure themselves.
“I think it’s time for IT leaders to not only understand the changing attacker behaviors of highly sophisticated and targeted attacks, but also its relation to their critical data and employee awareness,” said Momodou Jaiteh, application security consultant at nVisium.
Jaiteh noted that ransomware has been evolving the past few years, but significantly so in the past year, partly due to the sophistication and effectiveness of defensive approaches being adopted by some high-value targets.
“As ransomware attacks gets more and more sophisticated, they require advanced skillsets on the defensive side,” he explained. “With IT staff facing capacity issues due to a typical individual juggling multiple tasks, the necessary skills gap widens.”
Under these circumstances, IT security teams need to strategize how to best confront these threats – leveraging automation of routine tasks to free staff with advanced skills to pursue attackers and combat ransomware and other threats.
In addition, Jaiteh said leveraging more specialized external resources to defend against ransomware can help fill that gap.