Most companies have strong perimeter defences and adopt advanced strategies like Zero Trust network models. They manage patches effectively, conduct regular employee training, and run tabletop exercises and simulations for their Incident Response (IR) teams.
Yet, despite these defences, cyber-attacks still occur, often because of the human element. Among the many cyber threats, the one that worries me most is ransomware. Why? Because it can bypass even the best security measures—all it takes is a user clicking on a phishing email.
The fear of ransomware keeps me up at night. That’s why in addition to user awareness training and leveraging the MITRE ATT&CK framework, there are several technical and procedural strategies that can help mitigate phishing attacks, which are often the gateway to ransomware.