Brought to you by Sophos
With the frequency of high-profile cyber attacks of late, the thought of having one’s company data locked up by ransomware must have been enough to keep many a business leader awake.
Now, there is more to worry about: hackers are not only encrypting the data but also exposing and selling it to further damage the victim.
The past year has seen a growing trend in cyber attacks, where victims are told not just to pay a ransom for the data that is being encrypted in their compromised systems, but also to prevent a damaging leak of that data, according to Sophos’ 2021 Threat Report.
This change in ransomware tactics raises the stakes. Even if a victim has adequate data protection through backups, it will struggle to contain an exposure of data that is stolen from its servers.
Think of confidential information such as customer details or financial reports that could seriously damage a business. It could also face regulatory penalties and lose customer confidence, just for a start.
The problem is a global one, and Singapore as a connected city-state faces its fair share of ransomware attacks. Indeed, 40 per cent of organisations here have experienced one such attack in the past 12 months, according to Sophos’ State of the Ransomware 2020 report.
The consequences were deeply felt as well. Data was encrypted in 63 per cent of the attacks that successfully breached an organisation.
The average global cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was US$730,000. This average cost rose to US$1.4 million, almost twice as much, when organisations paid the ransom.
Fifty-four per cent of IT managers in Singapore were able to recover their data from backups without paying the ransom, while 28 per cent paid the ransom and got their data back. Two per cent paid up but never recovered their data.
What do these numbers tell us? Truly, ransomware is not something that only hits a company that is unprepared or unaware of the risks. It is a threat that all organisations have to confront.
To make matters worse, the Covid-19 outbreak in 2020 provided a great opportunity for attackers, given the uncertainty of the situation. Many workers also started connecting from home, which became the new perimeter that organisations found themselves guarding.
Today’s ransomware groups can be divided into three segments: the most sophisticated target high-value, large enterprises, a second tier hits mid-sized enterprises and public services, and the rest aim for home users.
One interesting development is that hacker groups may even be collaborating for mutual gain. In March 2021, the Sophos Managed Threat Response (MTR) team found a link between the Mount Locker ransomware group and a lesser-known group called Astro Locker Team.
It is unclear if the two are truly distinct groups or if one of them is a new “brand” or offshoot of the other, but businesses menaced by either of the two groups should investigate the tactics, techniques and procedures (TTPs) of both groups.
As these threats increase, organisations have to rethink how they are keeping their data secure. Keeping cyber attackers out with traditional endpoint defences is a start, but the strategy has to go beyond detecting such attacks and reacting to them.
It has to involve next-generation cybersecurity solutions and active threat hunting. With highly complex IT environments, businesses have to make use of artificial intelligence (AI) to find undiscovered loopholes. They have to look for threats that are lurking and ready to attack.
Being proactive is key. However, few organisations have the right tools, people, and processes in-house to effectively manage their security programme around-the-clock while proactively defending against new and emerging threats.
After all, that is not the core business for most organisations. They simply wish to reap the benefits of going digital without exposing themselves to new threats all the time.
This is where a specialised team of experts, who combine both machine learning and expert analysis to proactively detect and deter such attacks around the clock, comes in.
Going beyond simply notifying of attacks or suspicious behaviour, the Sophos Managed Threat Response (MTR) team takes targeted actions on a customer’s behalf to neutralise even the most sophisticated and complex threats.
With Sophos MTR, an organisation is armed with a 24/7 team of threat hunters and response experts who will proactively search for and validate potential threats and incidents.
They will also determine the scope and severity of threats and apply the appropriate business context for valid threats. When threats are detected, they can remotely disrupt, contain, and neutralise these threats, while providing advice to address the root cause of recurring incidents.
In other words, an organisation gains a full-time team of experts who bring their experience and expertise to bear, immediately boosting its cyber defences.
The good guys need all the capabilities at hand, just as cyber attackers are working 24/7 to crack the best defences.
Find out more about Sophos’ Managed Threat Response here.