As cybercrime continues to evolve, businesses across the globe are being forced to reassess their security measures and consider the implications of increasingly sophisticated threats. A particular type of cyberattack, known as ransomware, has been growing in prevalence, making headlines and demanding serious consideration from boards and security teams alike. This article will delve into the complexities of ransomware and present expert advice on how to prepare for and manage these threats effectively.

Rising Ransomware Threat

The Australian Cyber Security Centre (ACSC) received nearly 500 ransomware-related reports in 2020-21. The number of these attacks, attributed to the increased use of the Ransomware-as-a-Service (RaaS) model, is alarming. However, the frequency of ransomware attacks declined in Australia in 2022, with 70% of organisations reporting an attack, down from 80% the previous year, according to the Sophos State of Ransomware 2023 report.

Key Takeaway: Ransomware is an escalating threat, but proactive security measures can reduce the frequency of successful attacks.

“Leak and Lock” Ransomware Attack

Cybercriminals are constantly modifying their tactics. A recent method, the “leak and lock” ransomware attack, involves leaking some information before locking it, thereby exerting extra pressure on the victim business. Companies are urged to consider the risk to customers from downtime, and the risk to the market for shareholders when facing such an attack.

Industry experts recommend that organisations regularly test decision-making processes in simulated ransomware attack scenarios, as risk profiles change over time.

Key Takeaway: Regularly simulating cyberattacks can help an organisation assess its decision-making capabilities under pressure.

To Pay or Not to Pay?

Industry experts advise against paying the ransom in a ransomware attack, as this could be viewed as facilitating criminal activity, leading to significant reputational damage. Additionally, there’s no guarantee that the data will be restored even once a ransom is paid. Instead, organisations should invest in incident prevention and response capabilities.

Key Takeaway: Paying the ransom is not a guaranteed solution and can lead to further problems, both legal and reputational.

Protecting Your Business

To enhance security posture, an organisation needs a sound approach to security culture and data management. A “defence in depth” strategy that uses multiple security measures is recommended, along with safe deletion of unnecessary data.

Key Takeaway: A comprehensive cybersecurity strategy involves not only multiple security measures but also an organisational culture that prioritises security.

Building Knowledge at the Top

Safeguarding businesses from the evolving cyber threat landscape requires a holistic approach. Industry experts suggest prioritising cyber hygiene, risk-based investment in cybersecurity, leveraging emerging technologies, and focusing on resilience.

Key Takeaway: Understanding, measuring, and regularly communicating cybersecurity metrics can help boards better govern and provide guidance.

Key Steps to Safeguard Your Business

  1. Cyber Hygiene: Activities like vulnerability identification, robust patch management, cyber awareness training, and endpoint detection are crucial.
  2. Risk-Based Investment: Prioritise investments according to the risk. Focus controls on high-value assets.
  3. Leverage Emerging Tech: Use AI and machine learning to enhance detection and automated response.
  4. Invest in Robust Incident Response: Prepare a crisis management team through regular crisis scenarios. Build resilience by acknowledging the unfair fight against cybercriminals.

As cyber threats continue to evolve, boards must stay vigilant, continually updating their knowledge and guiding their organisations to strengthen their cybersecurity stance. By understanding the threat landscape and implementing proactive measures, they can help mitigate the risk of a cyberattack, thus safeguarding the organisation’s reputation and business continuity.