Caute_cautim
Community Champion

Ransomware attacks getting quicker

Hi All

 

It appears in 2021, we are going to have a monster challenge, keeping up with the ransomware attackers, but also detecting and eliminating them as quickly as possible.

 

https://www-zdnet-com.cdn.ampproject.org/c/s/www.zdnet.com/google-amp/article/ransomware-gangs-are-g...

 

Regards

 

Caute_Cautim

4 Replies
JKWiniger
Community Champion

To me, encrypting data faster does not seem like it would be a benefit to the bad actors, because slow, random encryption would be harder to detect and require better backups to recover the data. This being of course on systems that are backed up as they should be. Looking at the other side of things, where companies pay so the data is not released, would not be affected by this, but there needs to be much better monitoring of the exfiltration of data.

 

John-

Steve-Wilme
Advocate II

The key is to be quicker on your basic security hygiene, as attackers are often exploiting things that are an easy fix. At least that's what our red team exercises have revealed. The last ransomware attack I had a hand in cleaning up exploited a vulnerability for which a patch had been issued in the last 7 days, but which was still in testing prior to deployment. We moved to patching within a 5 day window and pushed out patches even if we couldn't fully test them, as the alternative was widespread downtime. Sometimes the least worst option is the one you have to go with.

  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Caute_cautim
Community Champion

@JKWiniger Perhaps the answer lies in always encrypting all data and handing out keys to completely verified and authorised users only, i.e. Full Homomorphic encryption for instance?

 

Then the attackers would have to attack the central authority to obtain the keys to the kingdom, but by the time they have done that perhaps their access will have been withdrawn - but they will keep attempting to gain access?

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

@Steve-Wilme   I agree in part, however, unfortunately like many organisations, they act as islands in the sea.  Whereas the bad guys are really getting good at sharing, and collaborating and working at it with proxies and joint ventures - we simply have to get smart and work out exactly what are we failing to do, and change accordingly our behaviour within legitimate organisations.

 

Alone, as islands we will all definitely fail, in all probability the speed, the use of the AI tools together with smart innovation and the flexibility to move quickly, whereas others are still patching - perhaps automation processes and orchestration are the key to solving this. Removing the human factor to a degree and increasing efficiencies and effectiveness. Then it may become a robot vs robot situation?

 

Regards

 

Caute_cautim