Question: The Threat Intelligence Index is full of #1s — Manufacturing being the #1 targeted industry. APAC being the #1 targeted geographic region. What was the #1 action we saw threat actors take?

Andy Piazza: The number one action on the objective we saw threat actors take was the deployment of backdoors at 21%; ransomware came in second at 17%; and business email compromise third at 6%.

Question: Interesting, why should we be paying close attention to this backdoor stat, in particular? Is this bad news for organizations?

Andy Piazza: Since we know that backdoors are often the precursor to ransomware events, I take this stat as a good sign, actually. It could mean that defenders are detecting these cases before the ransomware payload is actually deployed.

Question: Why is that so important?

Andy Piazza: Instead of playing catch-up against a barrage of threats, this means we’re moving left of boom and getting ahead of the actual real critical impacts.

Question: Aside from the upside of getting ahead of threat actors looking to deploy ransomware, what are the other implications — positive or negative?

Andy Piazza: I think this stat continues to deliver us positive news. Since we know that ransomware groups are using double extortion techniques where they’re stealing our intellectual property and threatening to release it on the internet, detecting the backdoors early gives us a huge opportunity as defenders to not only prevent the catastrophic impact of ransomware encrypting a bunch of systems — but intellectual property theft, as well. I think that’s a huge win for defenders and I want to see that trend continue.

Question: What advice can you offer organizations when it comes to staying vigilant against the latest threats?

Andy Piazza: We need to continue with our threat assessments and not only understand threat actors’ intentions and capabilities, but what those capabilities look like from our network. Are we able to detect and mitigate and respond to those quickly?

Conducting tabletop exercises with executives from all different business units is crucial to putting a plan into practice so they understand the impact to their systems during a ransomware event.

Beyond that, keep on with your risk mitigation through vulnerability management programs, penetration testing and advanced adversary simulation testing as well. It’s not enough to have a plan, you need to pressure test it — and regularly!