# Opener

Why Are Organizations Losing the Ransomware Battle?

Published by Axio

Axio Senior Cybersecurity Advisor, Richard Caralli’s recent article in Dark Reading, Why Are Organizations Losing the Ransomware Battle? examines the growing problem of ransomware attacks, emphasizing that many organizations are losing this battle not because of increasingly sophisticated attacks but due to failures in implementing and maintaining basic cybersecurity practices.

Despite substantial investments in cybersecurity, many companies are still vulnerable to ransomware because they have not institutionalized foundational practices or ensured their effectiveness over time. Caralli argues that even when these basic controls are implemented, a “set and forget” mentality often leads to their gradual ineffectiveness, leaving organizations exposed to preventable threats.

One of the main issues Caralli identifies is that organizations may implement foundational cybersecurity measures like two-factor authentication (2FA) but fail to ensure their ongoing performance. For instance, while 2FA is widely recognized as a critical control, its absence or inadequate implementation has led to major breaches, such as the ransomware attack on UnitedHealth Group/Change Healthcare, which impacted patient data and disrupted healthcare services. Caralli points out that foundational practices must be actively managed and regularly validated to ensure they remain effective against evolving threats, rather than simply being put in place once and assumed to be functioning indefinitely.

To build resilience, Caralli recommends three key actions: recommit to foundational practices, institutionalize them, and measure their effectiveness continuously. Recommitting involves going back to basics and ensuring essential controls like 2FA are fully implemented across all critical systems. Institutionalizing these practices means embedding them deeply into organizational culture and processes, ensuring they are supported by sufficient resources, policies, and accountability measures. It also involves documenting practices, resourcing them adequately, and regularly reviewing their performance. This institutionalization ensures that even as infrastructure and threats evolve, the foundational defenses remain robust.

Finally, Caralli emphasizes the importance of performance management in cybersecurity. Relying solely on frameworks like the NIST Cybersecurity Framework without measuring the effectiveness of their implementation can give organizations a false sense of security. Regular assessments and performance measurements are crucial to understanding the real-world effectiveness of cybersecurity controls and identifying areas that need improvement. Without active performance management, organizations risk overestimating their cybersecurity capabilities and being caught off-guard by ransomware attacks.

Caralli’s insights underscore the need for a proactive, performance-driven approach to cybersecurity that focuses on getting the basics right and maintaining their effectiveness over time.

Interested in learning about our latest research and insights? Subscribe to our newsletter below:

Newsletter Sign-up