What businesses should be doing instead of buying more tech

By cyber security expert and J2 Software CEO John Mc Loughlin
Johannesburg, 11 Aug 2025
John Mc Loughlin, CEO, J2 Software.

A year after law enforcement paraded the takedown of LockBit as a victory for cyber security, the harsh reality has set in: ransomware didn’t retreat – it metastasised. The criminals didn’t stop; they just got smarter. Now, with operations like Ghost infiltrating networks in over 70 countries, the threat is more pervasive than ever.

And despite the billions blown on shiny cyber security tools, AI-powered dashboards and employee awareness campaigns, companies are still getting breached – and still paying ransoms. Why? Because the industry has been peddling a lie: that buying the new shiny thing will be the silver bullet and keep the wolves at bay.

The illusion of security

The industry’s obsession with shiny new tools is misguided. The truth is that the silver-tongued salespeople and their skilled marketers have lied to their customers. They’ve given them a false sense of security that if they buy this single new product, nothing bad will happen.

The failure of this product-centric approach is plain to see. Breaches continue to dominate headlines, and many of those affected have done everything the “experts” told them to: they trained their staff, bought the most expensive backup solutions, installed the highest-rated endpoint protection. Still, they found themselves in negotiations with criminals, trying to rescue their stolen or encrypted data.

So, what’s the answer? The only way to build real protection is to shift the mindset – from defence through products to resilience through visibility.

Visibility is the new cyber security gold

Our approach is rooted in visibility and continuous monitoring. When we know what we have, we know how it behaves – and we know when something is going wrong. Without visibility, we’re guessing. We’re assuming we’re okay.

This is a brutal truth many business leaders don’t want to hear: spending on security without understanding your environment is like buying a state-of-the-art alarm system and leaving your doors open. No tools or training can replace situational awareness and real-time visibility across your entire digital infrastructure.

Rather than hoping to keep criminals out altogether – a near impossibility today – companies must assume compromise and have controls that are resilient and provide the visibility to respond effectively when something goes wrong.

Ban the ransom? Good luck

The debate over whether ransomware payments should be made illegal is intensifying. The logic is sound on paper: banning payments would make ransomware less profitable, removing the incentive for attacks. The real world doesn’t operate according to whiteboard logic.

Yes. Paying a ransom should be illegal. It’s an easy answer. Because when there is a law that makes something illegal, everybody then stops doing it. Right?

The real issue is that a law banning ransom payments won’t stop cyber crime – it will only make the consequences for victims worse. Businesses under siege often face an impossible choice: break the law or lose everything. And in the face of losing their business, their livelihood and their ability to support employees and families, many will choose survival.

Criminalising payments could drive incidents further underground. We already suffer from a lack of reporting and transparency. Banning payments will force good people to break the law just to survive.

Building a living incident response plan

If banning ransoms isn’t the answer, what is? Preparation – specifically, a comprehensive, continually updated incident response (IR) plan created in partnership with experienced cyber security professionals. This starts with a full inventory of assets, a realistic assessment of risks (both internal and external) and an understanding that not all breaches are created equal.

A compromised standard user account is one thing. A compromised CEO account is a whole different world. Your IR plan must reflect this complexity. It should be flexible, scenario-based and regularly revised – not a static “Bible” but a living document.

The worst time to discover your plan is outdated is during an active breach. Every incident, whether large or small, should feed back into the IR plan, strengthening it for the future. It will never be finished. But it can always be better.

The real path forward

The era of buying your way to security is over. Ransomware has evolved, and the business world must evolve with it. While flashy tools have their place, they are only effective when used within a broader strategy that prioritises visibility, resilience and continual improvement.

We are never going to stop cyber criminals from being criminals. But we can ensure resilience to deliver real security and protection. The goal isn’t to eliminate risk entirely – that’s impossible. The goal is to detect it early, respond effectively and bounce back stronger. That’s not something you can buy off the shelf. But it is something you can build.

J2 Software

J2 Software is a cyber security-focused technology business founded in 2006 to address the critical need for effective cybersecurity, governance, risk, and compliance solutions that are practical and purpose-built. With the continued rise of cybercrime, identity theft, and confidential data leakage, J2 Software's mission is to provide managed cyber security services that are not just a competitive advantage but an absolute business necessity.

Our comprehensive managed cyber security services cater to businesses of all sizes, ensuring greater visibility to identify risky behaviour and enhancing the capability to respond effectively to prevent losses. We understand that cybersecurity is essential for protecting valuable assets and maintaining business continuity.

J2 Software delivers essential tools that empower organisations to take control of their technology spend. Our hand-picked solutions, combined with expert services, provide complete visibility over our customers' environments while reducing risk and lowering costs.

With a dedication to improving the cyber resilience of our customers, J2 Software has expanded its reach globally, serving more than 700 customers across 5 continents. Our commitment to innovation, reliability, and customer satisfaction has made us a trusted partner in the ever-evolving landscape of cybersecurity. Partner with J2 Software to safeguard your digital assets and secure your business's future.

Editorial contacts

John Mc Loughlin
J2 Software
(021) 461 1223
john@j2.co.za