By cybersecurity expert and J2 Software CEO John Mc Loughlin
A year after law enforcement paraded the takedown of LockBit as a victory for cybersecurity, the harsh reality has set in: ransomware didn’t retreat – it metastasised. The criminals didn’t stop; they just got smarter. Now, with operations like Ghost infiltrating networks in over 70 countries, the threat is more pervasive than ever.
And despite the billions blown on shiny cybersecurity tools, AI-powered dashboards, and employee awareness campaigns, companies are still getting breached – and still paying ransoms. Why? Because the industry has been peddling a lie: that buying the new shiny thing will be the silver bullet and keep the wolves at bay.
The illusion of security
The industry’s obsession with shiny new tools is misguided. The truth is that the silver-tongued salespeople and their skilled marketers have lied to their customers. They’ve given them a false sense of security that if they buy this single new product, nothing bad will happen.
The failure of this product-centric approach is plain to see. Breaches continue to dominate headlines, and many of those affected have done everything the “experts” told them to: they trained their staff, bought the most expensive backup solutions, installed the highest-rated endpoint protection. Still, they found themselves in negotiations with criminals, trying to rescue their stolen or encrypted data.
So, what’s the answer? The only way to build real protection is to shift the mindset – from defence through products to resilience through visibility.
Visibility is the new cybersecurity gold
Our approach is rooted in visibility and continuous monitoring. When we know what we have, we know how it behaves – and we know when something is going wrong. Without visibility, we’re guessing. We’re assuming we’re okay.
This is a brutal truth many business leaders don’t want to hear: spending on security without understanding your environment is like buying a state-of-the-art alarm system and leaving your doors open. No tools or training can replace situational awareness and real-time visibility across your entire digital infrastructure.
Rather than hoping to keep criminals out altogether – a near impossibility today – companies must assume compromise and have controls that are resilient and provide the visibility to respond effectively when something goes wrong.
Ban the ransom? Good luck
The debate over whether ransomware payments should be made illegal is intensifying. The logic is sound on paper: banning payments would make ransomware less profitable, removing the incentive for attacks. But the real world doesn’t operate according to whiteboard logic.
Yes. Paying a ransom should be illegal. It’s an easy answer. Because when there is a law that makes something illegal, everybody then stops doing it. Right?
The real issue is that a law banning ransom payments won’t stop cybercrime – it will only make the consequences for victims worse. Businesses under siege often face an impossible choice: break the law or lose everything. And in the face of losing their business, their livelihood, and their ability to support employees and families, many will choose survival.
Criminalising payments could drive incidents further underground. We already suffer from a lack of reporting and transparency. Banning payments will force good people to break the law just to survive.
Building a living Incident Response Plan
If banning ransoms isn’t the answer, what is? Preparation – specifically, a comprehensive, continually updated incident response (IR) plan created in partnership with experienced cybersecurity professionals. This starts with a full inventory of assets, a realistic assessment of risks (both internal and external), and an understanding that not all breaches are created equal.
A compromised standard user account is one thing. A compromised CEO account is a whole different world. Your IR plan must reflect this complexity. It should be flexible, scenario-based, and regularly revised – not a static “Bible,” but a living document.
The worst time to discover your plan is outdated is during an active breach. Every incident, whether large or small, should feed back into the IR plan, strengthening it for the future. It will never be finished. But it can always be better.
The real path forward
The era of buying your way to security is over. Ransomware has evolved, and the business world must evolve with it. While flashy tools have their place, they are only effective when used within a broader strategy that prioritises visibility, resilience, and continual improvement.
We are never going to stop cybercriminals from being criminals. But we can ensure resilience to deliver real security and protection. The goal isn’t to eliminate risk entirely – that’s impossible. The goal is to detect it early, respond effectively, and bounce back stronger. That’s not something you can buy off the shelf. But it is something you can build.