In 2023 it is safe to say that cybercrime has evolved from a mere nuisance to a global threat of monumental proportions. To prove this is not just hyperbole, the World Economic Forum, in its Global Risks Report 2023, listed “Widespread cybercrime and cyber insecurity” as a new entry, showing how bad this problem has gotten.
Of all the different types of cybercrime attacks happening worldwide, ransomware, which encrypts data and holds it for ransom, ranks at the very top as one of the most destructive.
A recent report, “2022 Official Cybercrime Report by Cybersecurity Ventures,” highlighted ransomware as the most immediate cyber threat to governments and companies globally.
There are several reasons why the ransomware problem is not going away anytime soon:
It is straightforward to get started with ransomware now, with Ransomware-as-a-Service available to wannabe cybercriminals. Any newbie can pay a bit of upfront money and get up and running with cyberattacks without much technical knowledge. This cybercrime model has caused the popularity of ransomware attacks to explode.
It is profitable, as most companies do pay. Up to 70% of companies are willing to pay the money to get their data back and resume business operations.
Economic downturns, hiring freezes, and budget cuts are a reality that cybersecurity teams have to live with, and cybercriminals don't. They can continue to operationalize and streamline their operations year after year.
AI-based cybercrime is quickly becoming popular: automation will take over most low-level attacks, allowing cybercriminals to focus on more attractive targets. By offloading trivial tasks to a bot, ransomware can become more and more advanced and hard to detect.
There are more and more targets to attack as cloud adoption and remote/hybrid working increase globally. Everything from cloud storage to IoT devices is a potential point of entry for ransomware.
Ransomware is not restricted to financial motives, as it was used to aid physical warfare in the recent Russia-Ukraine conflict. It can now serve as an effective digital assault on a country’s critical infrastructure while physical forces work on the battlefield.
How to protect against ransomware
Now that we know the scope of this massive problem, what can be done about it?
The first thing to realize is that there is no “one size fits all” solution to ransomware attacks. Any vendor pushing a magic solution that will solve your ransomware problems should be avoided like the plague.
Protecting against ransomware needs a detailed defense-in-depth strategy with controls at multiple levels to be successful. Let's take a look at some of the most important.
User awareness - yes, the number one reason for ransomware infections remains a user clicking on an attachment, causing woes for the entire company. Invest in proper security training or face the damage later on.
Anti-malware protection at all endpoints, which is regularly tested against ransomware attacks and variants, must be present.
Network segmentation - Is there any reason your business-critical systems need to be on the same network as users browsing the internet?
Incident response playbooks dedicated to ransomware. Check out the AWS one for inspiration.
A proper backup strategy is your last defense and something that cybercriminals are aware of. Ransomware typically also infects backups to make sure companies cannot recover to a clean copy of the network. Investing in multiple backups and immutable storage can be an effective counter. Immutable backups essentially cannot be altered once made and render ransomware attempts against them useless.
Ransomware attacks are not going away anytime soon. Identify this threat to your company and take appropriate steps to protect against it. Boards are becoming more and more cyber-savvy as attacks increase globally. Use this opportunity to enlist their help and invest in proper controls before your company’s name becomes a ransomware headline.