BRIAN PINNOCK: Four out of 10 SA organisations fail to get data back despite paying ransom
Research findings suggest meeting demands after ransomware attacks simply invites more attempts
It’s not a stretch of the imagination to describe the current business environment as hostile. From pandemic-enforced changes in the ways businesses operate to constrained economic growth and stifled demand for many services, business leaders across industries have their hands full.
In the midst of the general upending of life-as-usual, a rising threat is posing additional challenges to organisations. In scenes reminiscent of action thrillers, hi-tech criminal organisations are targeting high-value organisations and critical national infrastructure.
Data is being locked away in encrypted formats and criminals are demanding ransoms of millions in exchange for the release of data or, in some cases, the promise not to release sensitive customer and company information such as passwords and ID numbers publicly (in what is known as double extortion attacks).
While ransomware attacks have been growing in volume and sophistication, it was not until the last year or so that they gained the mainstream attention we see today.
Ransomware attacks usually force organisations offline, leading to major disruptions within organisations and their supply chains. Downtime poses the risk of organisations not being able to deliver services, which can be catastrophic when it affects critical national infrastructure such as power grids and ports.
After a series of highly publicised ransomware attacks on businesses and critical US infrastructure, the US department of justice announced it is elevating investigations of ransomware attacks to a similar priority level as terrorism.
Australia’s defence ministry has set up a specialised cyber security centre to tackle ransomware, and other forms of cyber attack, head-on, and the European parliament, alarmed at even pre-pandemic increases in ransomware attacks, briefed members on strategies to protect Europe’s highly lauded electricity grid.
Closer to home, businesses — already under pressure from successive restrictive lockdowns, ongoing energy constraints and weak economic growth — are besieged by a growing volume of all forms of cyberattack.
Nearly half (47%) of SA organisations in Mimecast’s State of Email Security report said they were hit by a ransomware attack in the past year, with consequences ranging from business interruption (53%) and financial losses (38%) to negative impact on regulatory compliance (30%).
Those hit by ransomware experienced an average of seven days of downtime and for 44% it was a week or more. The cost of these attacks, or any type of successful cyber attack, is immense. According to research by the Ponemon Institute, data breaches cost SA organisations an average of $2.14m, about R30m, per breach. Worryingly, it took SA organisations an average of 177 days to identify a data breach and another 51 days to contain it.
Organisations also have to contend with the requirements of the Protection of Personal Information Act, which has strict guidelines for protection against and disclosure of any data breaches, including where ransomware has been utilised.
In a desperate bid to get their data back, avoid downtime and prevent damage to their customers and reputations, organisations are paying huge sums to these criminal organisations. Mimecast research found that 53% of SA organisations that had suffered a ransomware attack paid the ransom, but only 60% actually recovered their data — four out of every 10 never got their data back despite paying the ransom.
Ransom payments actually play into the hands of criminals. When an organisation suffers a ransomware attack and makes the payment it becomes a prime target for future attacks. And cyber insurance is no longer the silver bullet: many insurance firms no longer cover the cost of ransomware payments.
What can organisations do in response to the growing threat of ransomware attacks? A layered security approach that protects the transmission and storage of data while empowering every employee from the shop floor to the top floor with skills and knowledge to avoid risky online behaviour is proven to reduce cyber security related risks.
Email, still a favoured attack vector for cyber criminals, needs to be secured with additional security tools that can block highly targeted, sophisticated attacks. Recent Mimecast research found that 95% of SA IT decision-makers use additional third-party solutions to better secure their business email platforms, with nearly half (47%) identifying ransomware as a reason. And by integrating with other best-of-breed security solutions, you can speed up detection and response.
Critically, business leaders need to develop a culture of cyber security awareness and safe online conduct that limits the organisation’s exposure to risky individual action by employees. Multiple studies suggest human error plays a role in 90% of all successful cyberattacks, so organisations need constant and impactful awareness training to equip employees with the ability to spot — and avoid — behaviour that could put them and their organisations at risk.
Organisations must monitor and control shadow IT. With the rise of the hybrid digital workplace, the lines between employees’ personal and professional lives are increasingly blurred. Unsecured Wi-Fi, public file sharing services and insecure website access all increase the risk to the user and, by extension, the organisation. By gaining greater visibility over applications, security teams are better able to monitor which apps are being used and block those that pose a risk to organisational defences.
Unfortunately, there is no silver bullet for preventing ransomware attacks, so organisations need to ensure they are ready, no matter the outcome. Corporate data should be preserved and archived in independent, separately secured environments that allow organisations to quickly recover their data in the wake of a successful ransomware attack.
Finally, as the lifeblood of modern business productivity, email is essential to keeping the business running, and organisations need robust email continuity strategies that enable them to continue operating when systems are forced offline in the event of a cyber attack.
• Pinnock is cyber security expert at Mimecast.