The threat posed by ransomware has become increasingly acute of late, as cybercriminals shift their approach to circumventing company-built protections. First, the advent of double extortion attacks (in which criminals exfiltrate and encrypt data) meant that companies could no longer rely on extended backups for restore. And now hackers are beginning to adopt triple extortion techniques, adding DDoS attacks to their arsenal. The heyday of the cyber insurance market has offered companies a way to mitigate the financial risk of ransomware, but it also stimulates new attacks by increasing the likelihood of a payout. To find out the combination of factors that make ransomware so effective, as well as steps companies can take to minimize the danger, TechRadar Pro spoke with Aare Reintam, chief operating officer at security firm CybExer Technologies.
What are the qualities that make ransomware such a powerful threat?
Unfortunately, ransomware is an efficient way for mischievous actors to finance their criminal activities. The sums generated by successful attacks exceed millions, and hackers create a vicious cycle of criminal behavior in which high payouts allow them to spend more time and money developing their approach. Paying a ransom is fueling new cybercrime and increasing the incentive to launch more and more attacks. This is what turns the wheel and the threat increases as virtually every single company operates with some digital capability, making them fragile.
For what reason have we seen an influx of attacks over the past year?
Covid-5 has led to a greater unavoidable reliance on online systems due to the increase in the number of employees working remotely. For its part, there have been a greater number of conclusive attacks that have influenced the operation of the industry, critical infrastructure, public health systems and have also harmed end users. We have seen an increase in cybercrime in certain more fragile areas, including public health systems and health centers, which has generated media interest and awareness among the general public. The relative success of cybercriminals in the last XNUMX years has led devious actors to find new ways to exploit weak environments and push even harder. But we must also understand that defense is also improving to counter the increasing intensity of new threats.
How can companies balance the need to guard against ransomware with the need to maximize staff productivity?
Creating a backup and contingency system is essential to maximize staff productivity while ensuring companies are protected against ransomware. In addition to this, the company's information systems must be distinguished and prioritized. Central systems need to be more heavily guarded. A company's cybersecurity strategy should determine where the crown jewels and secondary systems are and value cyber spend accordingly.
How have ransomware strategies evolved in recent times?
Cyber criminals and government-backed teams have developed their tactics and methods to successfully demand ransom from their victims. Ransomware has evolved dramatically, from traditional ransomware to ransomware twenty, and now to what we call "triple extortion." Triple extortion occurs once the data has been breached and encrypted: Hackers then manipulate a company's data to wreak havoc on the business. Nor can we forget the impact of the pandemic, since companies have been forced to convert digitally in record time, but have had to maintain exactly the same level of accessibility and quality for both staff and service customers, increasing from This forms the possible angles of attack. And because the companies want to sustain their services and cash flow, they are willing to pay the ransom if it means they can continue "business as usual."
In what way does he see the discussion around cyber insurance?
Obviously, there is a market for products like this. If insurance companies pressure potential cyber service customers to perform IT security audits as a prerequisite, this causes systems to be more resilient, with which there are positives. But at the same time, companies still need to keep their employees and systems up to date. Insurance should never be an excuse for complacency when trying to prepare for cyber threats.
How might the transition to hybrid work affect my ability to protect against ransomware?
Hybrid work effectively creates new opportunities for cybercriminals. People often work with insecure and easy-to-monitor connections, creating a general situation where cyber hygiene is still low. We recommend that companies “vaccinate” their employees against cyber threats by improving their knowledge of cyber hygiene. There are some good free free tools, but we also advise you to contact specialists who are in charge of cyber hygiene training.
● What new techniques and emerging technologies could play a role in protecting against ransomware?
It's all about keeping your cybersecurity staff and IT teams continually updated and trained. Cyber Ranges are a great option for giving employees hands-on experience on how to combat cyberattacks – they have always been incorporated into the military field, but that has drastically altered where the demand for this technology is. It has increased in each and every business area. . The technology lets your teams simulate an attack and react in real time, something we haven't had the chance to do before. It also gives IT teams more perspective by letting them look at their systems from the outside looking in, just like cybercriminals do. The way I see it, each and every Fortune XNUMX company (at the very least) should employ cyber-flames to train their staff, proactively ensuring they are ready for incoming threats.