Rise in Ransomware Spells End of Business-as-Usual
Brian Pinnock, Cybersecurity Expert, Mimecast, explains how organisations can bolster their security in response to the growing threat of ransomware attacks.
Even as the world remains in the grip of a global pandemic that is showing no signs of abating, another threat is vying for the crown of number one risk to the global economy.
In scenes reminiscent of action thrillers, high-tech criminal organisations are targeting high-value organisations and critical national infrastructure.
Data is being locked away in encrypted formats and criminals are demanding ransoms of millions in exchange for the release of data or, in some cases, the promise not to publicly release sensitive customer and company information such as passwords and ID numbers (in what are known as double extortion attacks).
These ransomware attacks are forcing organisations offline, which can lead to major disruption of an organisation and its supply chains. Downtime means organisations are unable to deliver services, which could be catastrophic when it affects critical national infrastructure.
Following a series of highly publicised ransomware attacks on businesses and critical US infrastructure, the US Department of Justice has announced it is elevating investigations of ransomware attacks to a similar priority level as terrorism.
Middle East organisations targeted
In Mimecast’s State of Email Security 2021 Report, 78% of UAE respondents admitted to a business impact due to a ransomware attack in the past 12 months, with six days being the average amount of downtime. Common consequences for UAE organisations affected by a lack of cyber preparedness include data loss (37%), business disruption (34%), damage to their reputation (30%), loss of productivity (36%), financial losses (20%) and negative impact on regulatory compliance (25%).
The research aligns with a statement made by the Head of UAE Cybersecurity, Lt Col Mohamed al-Kuwaiti, who noted a ‘cyber pandemic’ as the country saw an increase of at least 250% in cybersecurity incidents, most notably phishing and ransomware attacks.
In a recent global survey, eight out of ten organisations admitted to suffering a successful ransomware attack, with large enterprises of over 5 000 employees experiencing nearly 10 000 ransomware attacks over a two-year period – an average of more than 13 every single day.
The cost of such attacks is alarming. According to the latest data, the Middle East incurs the second-highest average cost per data breach of 17 regions surveyed, a staggering $6.93-million per data breach.
Organisations, desperate to get their data back and avoid downtime as well as damage to their customers and reputations, are paying huge sums to these criminal organisations. Mimecast research found that 43% of organisations in the UAE that suffered a ransomware attack paid the ransom, but only 44% of these actually recovered their data. Fifty-six percent of organisations that paid the ransom never got their data back.
However, ransom payments are playing into the hands of criminals. When an organisation suffers a ransomware attack and makes the payment, it becomes a prime target for future attacks. In fact, our State of Ransomware Readiness report shows that of the respondents who didn’t pay the ransom, 47% chose not to pay because they believed it would encourage further attacks, and 24% of those who did pay proved this theory right by being attacked again.
Cyber insurance is no longer the silver bullet: many insurance firms no longer cover the cost of ransomware payments. Only 8% of respondents said their cyber liability insurance paid the ransom in the event of an attack. The rest of the respondents either didn’t pay or paid it themselves.
A layered security strategy approach for best protection
What can organisations do in response to the growing threat of ransomware attacks?
First, harden the email perimeter. Email remains the most attractive attack vector. Using a mature, cloud-based secure email gateway with advanced inbound and outbound scanning remains the most effective way to do that.
Second, deploy a layered email security strategy to augment the built-in email security of solutions such as Microsoft 365. Mimecast’s State of Email Security 2021 report found that 93% of Microsoft 365 users in the UAE believe their organisations need additional email security to protect against email-borne threats.
Third, protect and preserve corporate data by archiving to an independent, separately secured environment. This allows organisations to recover their data in the event of a successful ransomware attack while also maintaining a lean amount of data that reduces the organisation’s exposure and attack surface. Surprisingly, only 45% of global companies recently reported they have invested in file backups.
Fourth, establish an email continuity plan that allows you to continue operating in the event of a cyberattack or other disruption. As the lifeblood of modern business productivity, email is essential to keeping the business running in the wake of a disruptive event, including ransomware attacks.
Fifth, support end-users by empowering them with regular and effective cybersecurity awareness training. This helps strengthen overall organisational defences and removes opportunities for threat actors to breach the perimeter due to human error or negligence. Our research found that nearly half of global executives surveyed wanted additional resources for more frequent end-user security awareness training, with security researchers pointing out that end-users need to become an essential part of an organisation’s security strategy.
Sixth, employ new technologies such as AI and machine learning to bolster the capabilities of security teams. Such tools can be invaluable in helping recognise patterns for detecting threats or vulnerabilities, equipping security teams with greater visibility over potential risk areas.
Finally, organisations must monitor and control shadow IT. With the rise of the hybrid digital workplace, the lines between employees’ personal and professional lives are increasingly blurred. Unsecured Wi-Fi, public file sharing services and insecure website access all increase the risk to the user and, by extension, the organisation. By gaining greater visibility over applications, security teams are better able to monitor which apps are being used and block those that pose a risk to organisational defences.