As we emerge from the coronavirus pandemic, the growth and severity of cyber-attacks are causing concern among cybersecurity practitioners.
With the increased adoption of technology, opportunities for exploitation increase, and without the correct security systems in place, many organisations are left exposed.
In many ransomware cases, hackers have demanded substantial sums for the deletion of stolen data and access to encryption keys, forcing organisations to make a choice – pay up, or risk losing everything.
The annual Hiscox Cyber Readiness Report last year reported UK firms are now 15 times more likely to suffer a cyber-attack than a fire or theft. What can a firm start doing to protect itself?
Perhaps the choice is not so simple. The potential implications of ransomware payments are larger than some may realise. Ethical questions around the enablement of ransomware hackers are raised, as well as the difference in income between a large firm such as Colonial and a public sector organisation like the NHS.
What is the damage?
The implications of ransomware payments could be huge. From losing some source code for a product to having millions of gigabytes of customer data stolen, ransomware is an incredibly lucrative tool for cybercriminals.
Charlie Smith, a consulting solutions engineer at Barracuda Networks, agrees that ransomware is “without doubt the biggest security threat facing individuals and businesses” and has been for some time.
“We’ve already seen numerous incidents of ransomware attacks on councils, schools, hospitals and other areas of critical national infrastructure and this trend is likely to continue indefinitely,” Smith said.
“The devastation caused by these attacks can be catastrophic, especially when critical data is hijacked and frozen, leaving organisations paralysed.”
Over the last few months, we have seen a spate of major ransomware attacks that have crippled not only private firms like major games developer Electronic Arts, but also public-sector systems such as the Irish healthcare system and the Colonial pipeline, affecting millions of people.
Should we pay, or shouldn’t we?
What can firms do to mitigate the threat of potential ransomware attacks? And should we be paying cybercriminals who have stolen precious data?
Jamie Smith, Board Director at cybersecurity consultancy S-RM, believes that although it is never preferable to pay a ransom, we must consider that ransomware cases are all different.
“You have got to weigh up the benefits and the risks appropriately, on a per case basis, to arrive at the most sensible decision for that basis,” Smith says.
But some people are paying. It was recently announced that meat processing giant JBS paid an $11 million (£7.8m) ransom to recover data stolen in a cyber-attack on its systems.
Brazil-based JBS commented that the payment was made to ensure that customer data was protected and not exposed and was a “very difficult decision to make.”
“However, we felt this decision had to be made to prevent any potential risk for our customers,” the firm said.
Although JBS has now mitigated some of the effects of having its data stolen, what happens next is unknown. Hackers may replicate the data and sell it while also keeping the money paid to them, and the payment reinforces to the hackers that ransomware attacks work.
However, Smith says this is not what he has seen: “In general, when you pay the hackers, they stick to their word, and you get your decryption keys back and your data is not posted online.”
Where do we go from here?
According to research from Proofpoint’s State of the Phish 2020 report, more than 50% of companies hit by a ransomware attack last year decided to pay. This indicates the fear firms feel after being attacked.
This follows reports in April that threat actors have been leveraging Covid-19 as a way to target their attacks. Global ransomware attacks saw a massive increase in 2020, growing 485% compared to 2019.
The first and second quarters of 2020 saw the majority of the attacks, 64%, marking an increase of 19% on the first two quarters of 2019.
As well as the impact of the pandemic, the world has seen an increased use of technology as people work from home and firms adapt to changes in working practices. A boost in tech usage also means a boost in the chance of hacking.
“Last year aside, where we saw the adoption of technology increase, ultimately, for the last 20 years, we’ve seen more technology adopted effectively by companies, and that is making companies more efficient,” Smith continues.
“But what has been lacking really is the security considerations. As long as that is continuing to happen, cyberattacks are going to be here to stay.
“There is no doubt that change drives a lot of cyber-attacks because often in companies’ security considerations just aren’t taken into account, and that’s definitely the driver of a lot of attacks.”
Data from IBM revealed that 74% of organisations admit that their cybersecurity plans are “either ad-hoc, applied inconsistently, or they have no plans at all,” especially in the case of SMEs, 60% of which lack working and up-to-date cybersecurity policies.
The report revealed that the main element of every digital protection policy is people. A staggering 88% of data breaches are attributed to human error, and only 43% of workers admit to having compromised cybersecurity.
Additionally, many organisations are still running legacy systems with little to no security policies in place. This was evidenced by the NHS WannaCry attacks, which saw computer systems still running an outdated version of the Windows operating system easily compromised by hackers.
Smith continues: “There is a lot of old technology out there that is vulnerable, but it is really a skills shortage. Fundamentally that is the problem. It’s difficult to get access to skilled cybersecurity expertise, and combine that with a lot of old technology and you have a ready-made attack surface.”