The Rise Of Ransomware Makes Cybersecurity A Key Factor In Business

Cyber security is very important to always be up-to-date to prevent ransomware. (photo: unsplash)

JAKARTA - Ransomware attacks have become the most widespread cyber threat in the world. The consequences are severe in 2021 for businesses ranging from one of the world's largest meat-packing companies to the pipeline that provides much of the fuel for the eastern US, to a standstill.

This problem is exacerbated by a growing practice among attackers of extracting confidential company data and storing it before locking down the victim's network. Victims who refused to pay the ransom were then threatened. They not only can no longer access their data and systems but also sit helplessly while their confidential files are released to the world even to competitors.

“Ransomware is now a double extortion concept”, said Allison Davis Ward, CPA, partner of Capin Tech, a division of CapinCrouse LLP headquartered in Indianapolis, Indiana. “The implications of not having controls in place to remediate and prevent it has a huge impact on the business”.

Ward said the risk from ransomware attacks prompted companies to increase their cyber resilience. He described it as a combination of prevention and detection controls that gave companies the ability to recover quickly.

“Having management understanding that is really the first step because they will be able to support your IT and cybersecurity group”, said Ward.

A large number of cybercriminals can be concluded that the crime of extortion via computer, put businesses under more pressure than ever before making them have to stay vigilant.

IBM Corp. recently said that ransomware has become the worst malware threat to businesses, representing 23% of attacks in their sample. For example, the attack that hit hundreds of businesses over the July 4 holiday weekend in the US led to supply chain intrusions through software provided by Kaseya Ltd. The attack was the latest to serve as a reminder of the increasing risk from ransomware.

The global average cost to recover from a ransomware attack in 2020 was USD 761.106, according to a report by British IT security firm Sophos.

“Organizations need to continue to evaluate the true nature of ransomware attack risk”, said Steven Ursillo Jr., CPA/CITP, CGMA, partner with Cherry Bekaert LLP in West Warwick, Rhode Island.

The evaluation should begin by looking at the organization's overall governance plan for its cybersecurity and then proceed with an examination of how computer networks and individual systems are protected from outside attacks.

Organizations then need to look at vulnerabilities in their technology supply chains and how they can respond to those vulnerabilities.

In addition, organizations need to assume that they are under attack and that the enemy has crossed the line. They must have systems and controls in place to identify any anomalies or indicators of compromise when an attacker tries to move laterally within the environment. Having a well-defined incident response plan will also be a key driver of successful recovery.

Businesses should also educate their staff about the risks of phishing attacks. “The access point of these attacks is always through some level of social engineering or phishing emails”, said Brian Lord, CEO of the London-based cybersecurity consulting firm Protection Group International Ltd. "It always happens."

“The perpetrators of ransomware attacks are very agile in spreading campaigns, and they are looking for new and new ways to get in”, said Ursillo. Hacker intelligence means that businesses must regularly review their information security environment, where data enters systems, where and how it is processed, and where it goes.

Lord advises companies to start securing their networks by reviewing their information technology architecture and then determining which systems are most valuable and require the most advanced protection. The next step is to ensure that there is a strict patch regime in place to ensure that updates from the provider are applied quickly.

“You need to apply security updates to anything and everything you tie to the internet”, Ward said.

Lord says that whenever a vulnerability is discovered (through research or attack) vendors are quick enough to write updates and patches to their software to cover exploited vulnerabilities. Delayed patching opens the door for attackers; Fast patching forces attackers to discover new vulnerabilities.

Lord advises companies to focus their security efforts on their most valuable systems and data and not try to build massive impenetrable barriers around every server and program.

“You identify critical systems or critical data, and you start protecting them really well”, Lord said. He explained that in most cases, the harder it is for a company to get hackers to attack its systems, the more likely it is that hackers will give up and shift their focus to other networks.