By JP Perez-Etchegoyen, CTO of Onapsis.
Cybersecurity continues to be an increasingly complex landscape for businesses to navigate as cybercriminals become more sophisticated and the frequency of attempted attacks grows at a rapid pace. One of the biggest cybersecurity challenges that businesses have to contend with today is ransomware, which has become the biggest global cyber threat as attacks strike fast and can do massive damage.
We particularly saw the rapid rise of the ransomware threat during the period of the Covid-19 pandemic, a time when most organisations and industries were increasingly adopting new technologies to help adapt to a new, remote environment characterised by digital transformation.
According to the latest ransomware statistics, more than a third of organisations across the globe suffered an attempted ransomware attack in 2021, an increase of 105% - to 623.3 million ransomware attacks - compared to 2020. And, while the volume of ransomware attacks fell by 23% in 2022, as organisations began to more aggressively respond to cyber threats, attack methods are continuously evolving at the same time that average ransomware demands are dramatically increasing.
In fact, a recent cyber threat report projects that ransomware damages are expected to exceed $30 billion worldwide in 2023 as threat actors increasingly try to use this malicious tactic to hold critical infrastructure captive against their demands. For example, despite the fact that we’ve just barely made headway into the new year, the Royal Mail just recently suffered a ransomware attack by Russian criminal group LockBit, leaving the UK postal service unable to send any parcels or letters overseas. While the Royal Mail refused to provide any details on the attack, it’s estimated that the ransom would not be less than $1 million.
To understand why ransomware is able to do so much more damage than most other forms of cyber attacks we need to understand how it works. Ransomware is essentially a form of malware that holds a victim’s data hostage, usually by blocking access to that data through encryption or by simply stealing and deleting said data, until a demanded sum of money is paid to the malicious actors extorting the organisation. The attackers might even threaten to leak the data they’ve stolen to the public if their demands aren’t met.
Ransomware is often best able to find purchase in a business’ network or systems by exploiting existing vulnerabilities, and an organisation’s biggest vulnerabilities in today’s digital landscape are its people and its applications. With the current volatility surrounding the global and UK economy as a result of economic slowdown, record inflation, and a looming possible global recession in 2023, businesses simply cannot afford, not only the ransom aspect of a breach but the reputational cost as well. But, there’s good news to be had as ensuring the protection of your business does not have to be challenging and complicated.
Create a culture of security
Human error is one of the biggest sources of weakness that cybercriminals use to exploit an organisation and gain access to their systems or data. As such, developing and implementing comprehensive cybersecurity programs that lay out the guidelines and best practices that employees should follow is vital to enabling any organisation to assess, prepare for and mitigate the risk of human vulnerability.
One of the simplest ways to protect any business is by training employees how to identify suspicious emails and suspicious email attachments, and what to do once they have, as email is often a primary entry point for ransomware. This will help to create a clearly defined security system and culture that enables everyone within the organisation to take responsibility for maintaining cybersecurity and reducing risk.
Adopt robust cybersecurity processes and technologies
With cybercriminals having shifted towards attacking key entry points on networks relying on cloud services, exploiting unpatched or software vulnerabilities to launch their ransomware attacks, or simply bypassing endpoint detection and accessing data through the application layer, it has never been more important to ensure that practical steps are taken to secure your business against ransomware.
This is particularly true for organisations which have adopted remote or hybrid work environments as employees might often make use of remote networks (such as public Wi-Fi) when working outside of the office and away from home, making their devices and thereby your network more susceptible to attacks.
While it is best to avoid using public Wi-Fi for sensitive transactions, organisations can provide employees with the use of secure connection mechanisms which could include a VPN service or an entire Zero-Trust architecture, as well as more robust authentication mechanisms ( i.e. multi-factor authentication, or Single Sign On) to create extra layers of security when they are making use of insecure networks.
In order to close the gap of existing vulnerabilities that can be easily fixed, it’s best to regularly and proactively update computer programs, operating systems, and applications while also ensuring that every new system or application is integrated into existing security systems to ensure that they’re protected.
However, it’s important to note that because business-critical applications are very attractive targets to cybercriminals due to being essential to everyday operations - which if interfered with could have devastating consequences not only to business continuity, but also a business’ customers, suppliers and partners - preparing for a ransomware attack requires a more holistic approach that goes beyond simply securing endpoints, backing up files, and hoping for the best. Organisations must also ensure the security hardening of business-critical applications themselves while continuously monitoring vulnerabilities and threats to these applications and make a clear commitment to control and governance.
Add a Comment
No messages on this article yet