Article by Helen Sutton

New cyber crimes are discovered and reported on with increased regularity, with some, such as Colonial Pipeline and JBS Foods, drawing global headlines.

One of the increasingly common types of cyber crime is ransomware, which comes as no surprise considering that the number of ransomware attacks on organisations increased by 93% in the first half of 2021 compared with the same period in 2020.

While ransomware (and, more broadly, cyber crime) isn’t new to IT professionals, the recent surge has spurred public and private sector leaders worldwide to seek effective and sustainable solutions to detect, mitigate, and prevent new cyber threats.

Finding solutions is challenging due to the widening and diversifying information landscape, which by itself comes with a new variety of daily risks; the growing complexity of enterprises’ infrastructure; and the increased use of digital currencies that allow for anonymity. And cyber criminals are exploiting organisations’ lack of understanding about the vulnerabilities that this complexity creates.

How did we get here? Where can we go?

Ransomware is far from new. In fact, the first ransomware attack, the PC Cyborg Trojan, was over 30 years ago in 1989. New-age ransomware is not only more sophisticated, due to advanced distribution efforts and technological developments; demands for ransomware payments have also been far more frequent since the onset of the COVID-19 pandemic. With many organisations forced to unexpectedly shift their workforces to be remote, cyber criminals quickly began targeting vulnerable digital infrastructures.

That’s not to say that remote work solely bears the blame for the proliferation of cyber attacks. While it remains a key factor as remote and hybrid models become more common, the growth, maturation, and sophistication of ransomware continue to have an outsized role. Ransomware groups have become highly orchestrated operations and license their capabilities to other hackers via the ransomware-as-a-service (RaaS) model. Their operating models are similar to those of well-run organisations, including the use of support desks and service level agreements.

As such, ransomware should be one of the top threats that an organisation’s leaders are concerned about.

How have organisations and governments responded?

The response to ransomware attacks varies. Most organisations pay the ransom, despite the fact that many government agencies strongly recommend not doing so. They argue that ransom payments will only incentivise criminals. In an effort to disincentivise ransomware attacks, China has banned the use of Bitcoin as that is the currency of choice for most cyber criminals. Australia has also announced new legislative reforms, which include a new set of offences to further criminalise ransomware.

However, it’s easy to understand why organisations opt to pay. Their stolen data has been encrypted and held hostage, and they want to get it back as soon as possible to avoid business continuity issues and/or the potential release of sensitive data. Generally, ransomware groups decrypt the data and restore access.

But organisations should beware of a rising trend: double and triple ransomware extortion, whereby ransomware groups wrest additional payments out of companies on top of the initial ransom demand. Double ransomware tends to focus on threats to publicly release the stolen data of the company first targeted, while triple ransomware makes various demands on the company’s customers and suppliers.

How to stay ahead of attacks

Despite these cascading trends, there are some measures organisations can take to protect themselves. To start, invest in identifying your vulnerabilities and in technologies that can detect them in real time, and educate your workforce on the various types and traits of cyber crimes. The latter may sound simple, but according to Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), 90% of successful cyber attacks begin with a simple phishing email.

She also points out that using multi-factor authentication makes accounts 99% less likely to be hacked. Surprisingly, even at large companies, these fundamentals are either in place but not working well enough or are not in place at all.

Although cyber crimes are increasingly complex, mitigating and protecting against them doesn’t always have to be.

The convergence of cyber-physical risks

Cyber crime doesn’t only lead to cyber damage. More often than not, what happens in the digital domain bleeds into the physical world.

For example, the ransomware attack on IT services company Kaseya forced Swedish supermarket chain Coop to temporarily close 800 of its stores. And when the Irish healthcare system was hit by a ransomware attack, it shut down all of its IT systems, jeopardising patients’ health and safety.

A few organisations have responded to the convergence of these cyber and physical risks by creating a security operations center (SOC) that houses both their physical and cyber security teams. In those instances, cyber and physical risks are handled by the same analysts or co-located analysts. We’ve seen this model adopted by some of the big banks. But this approach is still fairly rare.

The power of real-time information

We know that cyber attacks will continue to rise in frequency as well as complexity, and can occur at any given time, anywhere in the world. As such, it is critical that organisations invest in technology that gives them access to real-time information, where the most relevant information is extracted from large and diverse volumes of data, so that they can detect cyber threats and vulnerabilities as early as possible and within the context of their people, assets and operations.

Those that do invest in such technology will be able to not only stay ahead of cyber threats, but quickly and effectively mitigate and respond to risks, allowing them to better protect their people, organisation, stakeholders, and bottom line.

About the author

Helen Sutton is Senior Vice President of EMEA & APAC Sales at Dataminr. She has 20 years of experience in enterprise software across multiple industry sectors. Prior to joining Dataminr, she held several sales leadership roles, including those held at Splunk, DocuSign and SAP.