Published on November 30, 2023, 9:19 pm
Ransomware attacks have been on the rise, with a staggering 95% increase compared to the previous year. These findings were revealed in Corvus Insurance’s Q3 2023 Global Ransomware Report. The data shows that there has been no slowdown, as global ransomware attacks in Q3 2023 are up by 11% compared to Q2 (Figure 1).
In Singapore, the story is no different, with 84% of organizations reporting a ransomware attack in 2023, compared to only 65% in the previous year. Hong Kong has also experienced a spate of high-profile attacks that have put ransomware risk in the spotlight. Businesses in Hong Kong are struggling to find ways to prevent and recover from these attacks.
Several government-related institutions in Hong Kong were targeted over a three-month period. Cyberport, one of the city’s largest startup and innovation development zones, along with the Consumer Council and Hong Kong Ballet, fell victim to ransom demands accompanied by stolen data. Technology-related crimes in Hong Kong surged by nearly 50% in the first half of the year compared to the same period last year, a rise attributed to increased online economic activity as COVID-19 restrictions eased.
As a CIO myself, I understand the pressures faced by fellow CIOs and have collaborated with Veeam’s own CISO to develop a strategic response to cyberattacks. Through this experience, I’ve identified four crucial measures for an effective post-attack response.
When confronted with a ransomware attack, our initial instinct is often to eliminate the threat immediately. However, it is more beneficial for CIOs to first focus on isolating the attacker within the environment without taking immediate action against them. This approach prevents the attacker from causing further harm and allows for observation of their actions. Analyzing the threat actor’s behavior helps gain insights into their modus operandi and informs proactive strategies for future attacks.
With a comprehensive understanding of how the attacker gained access, corrective measures can be implemented. This involves removing the threat, patching vulnerabilities, recovering systems and data, and addressing any damage caused by the attacker. It is crucial to ascertain the extent of the compromise from both a systems and data perspective. By thoroughly assessing the impact of the attack, valuable data can be reviewed to determine what can be recovered and what requires further action.
Once the threat actor has been removed and breaches have been secured, CIOs should focus on implementing preventive measures to avoid future attacks. Conducting security scans helps identify immediate gaps or vulnerabilities in the company’s defense system. By analyzing the criminal profile associated with the attack, CIOs can concentrate on key variables such as target identification, attacker identity, actions taken, and impact caused. This analysis enables organizations to mitigate potential risks by identifying patterns of behavior that could lead to future breaches.
It is worth noting that while technical vulnerabilities are often highlighted as a significant risk factor, human error within organizations remains a critical entry point for attackers. Many attackers rely on social engineering tactics such as phishing scams. In cases where an attack originated from employee actions, immediate restrictions or access lockdowns can be applied to prevent further damage.
Informing stakeholders about a ransomware attack may not be pleasant, but transparency is essential for maintaining trust while also keeping others informed about emerging threats. However, it is crucial to share information purposefully by coordinating with legal teams and boards to ensure messaging aligns with overall goals. Sharing too much information without proper planning risks reputation damage and exposes vulnerabilities for future attacks. Thoughtful coordination allows organizations to provide accurate information about steps taken to protect data and prevent future attacks, thereby demonstrating commitment to customer satisfaction.
Having followed the post-ransomware attack procedure, it is important to remember that ransomware attackers may strike again. Rather than solely focusing on securing previously breached areas, CIOs should proactively identify potential vulnerabilities and targets before an attack occurs.
Ultimately, CIOs must operate with the primary goal of securing their company’s future in mind. By implementing effective measures and adopting a proactive approach to cybersecurity, organizations can minimize the risks posed by ransomware attacks and safeguard their valuable assets.
This article was originally published on FutureCIO under the title “Golden ransomware rules for CIOs: Observe correct prevent and notify”.