Identity: the new perimeter of ransomware defence

Ransomware has evolved from being an operational nuisance confined to the IT department into one of the most significant strategic risks faced by organisations today. Last year’s disruptive campaigns run by groups such as UNC3944, also known as Scattered Spider, highlight how these attacks have moved beyond technical exploitation, now centring on social engineering and identity abuse. These developments should be a wake-up call for boards of directors. Identity has become the new security perimeter, and the board’s role in safeguarding it has never been more important.

The changing face of ransomware

Incidents linked to the hacking group Scattered Spider have spread rapidly across multiple sectors, from retail in the United Kingdom to insurance and aviation companies in the United States. Their campaigns have created widespread outages, loss of customer data and lasting reputational damage. More significantly, these operations reveal how adversaries are bypassing traditional technical defences altogether.

One of the group’s most effective methods is voice phishing. By impersonating employees, attackers persuade help desk staff to reset credentials or adjust multifactor authentication settings. This gives criminals the ability to register their own devices for authentication, effectively handing them legitimate access to corporate systems. This tactic undermines the assumption that multifactor authentication alone provides a strong barrier. It also shows how vulnerable human processes can be when they fall outside the direct control of security teams.

Another shift is the targeting of modern IT infrastructure. As organisations pursue digital transformation and move workloads into the cloud, they create opportunities for attackers who can navigate between on-premises and cloud environments. Compromised accounts in single sign-on systems have allowed adversaries to extend their reach across a broad range of business applications. This approach transforms what once would have been a limited intrusion into a full-scale compromise of an enterprise environment.

At the heart of these campaigns lies the abuse of identity. Ransomware actors increasingly rely on valid credentials rather than custom malware or exploits. The implication is clear. Protecting identity is now the most important line of defence.

A strategic role for boards

Boards have a unique position in addressing this challenge. Identity security cannot be left solely to technical teams. It requires investment, cultural alignment and cross-organisational commitment, all of which fall within board-level oversight.

The most effective actions boards can take include:

  • Elevating identity to the same level of importance as traditional perimeter controls, with phishing-resistant authentication methods, stronger help desk verification, and regular employee awareness training.
  • Promoting a threat intelligence-led security posture by ensuring that security investments are closely tied to real-world adversary tactics and supported by resources such as hardening guides and red team exercises.
  • Embedding cyber risk oversight into digital transformation by demanding that security is built into innovation and cloud adoption from the outset, rather than treated as an afterthought.

Enabling trust and resilience

The future of business resilience rests on moving beyond reactive defence. Ransomware’s shifting tactics demonstrate that a purely technical response is insufficient. Directors must integrate cyber risk into their governance responsibilities. By doing so, they can ensure that security serves as the foundation for resilience, innovation and long-term growth.

Identity is no longer an issue confined to IT teams. It is the new centre of gravity in cybersecurity and therefore a strategic priority for the entire organisation. Boards that understand this shift and act decisively can protect their companies from the escalating threat of ransomware while also building the trust needed to thrive in a digital economy.

Jamie Collier is the Lead Threat Intelligence Advisor (Europe), Google Threat Intelligence Group.


