
Navigating the cyber pandemic: What every CISO must know about ransomware

ITP.net speaks to Werno Gevers, cybersecurity specialist at Mimecast, about how CISOs can protect their organisations from falling victim to ransomware attacks

Ransomware attacks are an ever-present, growing threat to businesses of all types. However, despite the fact that such cyber threats are a common occurrence, many businesses remain vulnerable and are unprepared to respond to a successful attack. Here, ITP.net speaks to Werno Gevers, cybersecurity specialist at Mimecast, about how CISOs can protect their organisations from attack and what steps they can take if their defences are breached.                                                

The rise of ransomware

In a recent global report, Mimecast found that 80 percent of organisations suffered a ransomware attack in the past two years. Further, a recent report found that ransomware attacks had increased by 282 percent between the first and second half of 2020, with no sign of a let-up.

“Ransomware has become a weapon of choice because, when attacked, organisations are unable to access critical data, often forced offline and therefore unable to operate or do business. This leads to reputational damage and loss of income and customers. Without the right recovery solutions in place, CISOs are often left with little choice but to pay the ransom, meaning that the pay-out for criminals is big. It’s a lucrative business,” says Gevers.

Every business is at risk, but critical infrastructure, such as water and fuel supplies, is perhaps the most tempting target for criminals as societies depend on them and providers tend to do whatever is required to get back online quickly. “In fact, the emergence of ransomware-as-a-service, which makes powerful ransomware attacks accessible to anyone willing to pay for it, may see a further escalation in these types of attacks,” says Gevers. 

Impersonation attacks

The pandemic, and the associated shift to a hybrid work model, has presented attackers with opportunities. As organisations struggle with supply chain issues and hybrid work environments, most face an imbalance between people, technology and processes, leaving vulnerabilities that attackers are ruthlessly exploiting. Alongside ransomware, brand impersonation attacks are increasing, with Mimecast’s State of Brand Protection report revealing that companies on the Brandz Top 100 Most Valuable Global Brands 2020 index saw a 381 percent increase in brand impersonation attacks in May and June 2020 compared to January and February, prior to the emergence of the pandemic.

Responses to a successful attack

No defence is entirely reliable, and the question then becomes what a CISO should do to ensure recovery and continuity. Gevers points to three elements that can ensure a business recovers efficiently.

Firstly, having an effective backup and recovery plan in place along with a continuity solution is vital. “Data backups can help companies quickly get back to normal and help avoid them having to pay the ransom,” says Gevers.

Secondly, an accurate and restorable business email repository allows for the restoration of data lost in an attack.

Finally, with a continuity solution in place, employees can carry on working in the event of systems being forced offline to contain the attack.

To pay or not to pay

Mimecast’s latest data reveals that the Middle East incurs the second-highest average cost per data breach of the 17 regions surveyed, a staggering $6.93 million per data breach.

“Organisations, desperate to get their data back and avoid downtime as well as damage to their customers and reputations, are paying huge sums to these criminal organisations. Mimecast research found that 43 percent of organisations in the UAE that suffered a ransomware attack paid the ransom, but only 44 percent of these actually recovered their data,” says Gevers.

Paying a ransom plays into the criminals’ hands. If an organisation pays, they become a prime target for future attacks. According to Gevers, 47 percent of companies refused to pay in order to discourage further attacks. 24 percent of companies that paid a ransom were later attacked again.

“Many insurance firms no longer cover the cost of ransomware payments. Only eight percent of respondents said their cyber liability insurance paid the ransom in the event of an attack. The rest of the respondents either didn’t pay or paid it themselves,” says Gevers.

The message is clear: Payment does not guarantee the return of data, nor does it prevent further attacks.

A contemporary security strategy

A cyber resilience strategy offers the best chance of successfully defending against cyber attacks and restoring operations in the event of a successful attack. Here, Gevers lays out a series of steps that companies should take:

  1. Email remains the most common attack vector; companies need an established cloud-based secure email gateway with advanced scanning.
  2. A layered email security strategy is required alongside solutions such as Microsoft 365. Enabling best-of-breed security solutions through API integrations offers the best possible defence. 
  3. Protect and preserve data by archiving to an independent, separately secured environment. Organisations can then resume business quickly after an attack while maintaining minimal data to reduce their exposure.
  4. Establish an email continuity plan that allows the continuance of operations in the event of a cyber-attack. 
  5. Support end-users through regular cybersecurity awareness training to strengthen overall organisational defences and reduce human error or negligence. 
  6. Leverage new technologies such as AI and machine learning to support security teams. Such tools help recognise patterns for detecting threats or vulnerabilities, giving greater visibility over potential risk areas.
  7. Monitor and control shadow IT. In the hybrid digital workplace, lines between personal and professional lives are increasingly blurred. Unsecured Wi-Fi, public file-sharing services and insecure website access all increase the risk to the user and the organisation. By gaining greater visibility over applications, security teams are better able to monitor which apps are being used and block those that pose a risk to organisations.