Published on October 29, 2023, 9:37 pm
Enterprises around the world are rapidly embracing digitalization and agile methodologies, which is significantly changing their risk profiles. According to Gartner, many organizations are increasing their layers of defense against advanced attacks, which in turn adds complexity to defending against these threats.
The 2022 State of the Threat report from Secureworks highlights that ransomware, loaders, stealers, zero-day exploits, and cyber warfare and espionage remain persistent challenges. What’s more concerning is that threat actors are growing more skillful and stealthy in their approach.
Alex Tilley, Head of Intelligence Research for Asia-Pacific at Secureworks, observes that the cyber threat activities witnessed in 2021 have continued into 2022. He also acknowledges that threat actors are becoming more successful in penetrating networks. Tilley emphasizes that ransomware still poses a significant problem and that various malware families continue to emerge and disappear. Additionally, he notes an increase in attacks exploiting vulnerabilities exposed on internet-facing systems.
According to Tilley, there is a lack of security investment across the Asian region, including Australia. This includes not only financial investment but also resources such as staff dedicated to security-related tasks. He cites software patching as an example: there is a lack of understanding of the importance of investing time in less flashy tasks such as log management and patching.
However, there has been a positive shift towards recognizing the importance of visibility. It is no longer sufficient to rely solely on security controls; organizations must be able to detect and respond when threats bypass these defenses. As a result, visibility has become a significant focus area in which many organizations are investing heavily.
Despite this growing awareness of cybersecurity risks, only 28% of Chief Information Security Officers (CISOs) surveyed ranked ransomware as a top concern in Proofpoint’s Voice of the CISO survey. Insider threats, distributed denial-of-service (DDoS) attacks, business email compromise (BEC), cloud account compromise, and malware were ranked higher. Tilley believes that CISOs still bear accountability for explaining why a ransomware attack occurred.
The prevalence of ransomware attacks is significant, with Statista estimating that 71% of companies globally were affected in 2022. Sophos reported that Singaporean businesses experienced a 25% increase in ransomware attacks in 2021, affecting an estimated 65% of surveyed organizations. The report also revealed that 48% of organizations paid the ransom to recover their data, even if they had alternative methods such as backups.
Regarding whether businesses should pay ransoms, Tilley emphasizes that the decision depends on each organization’s circumstances. Ideally, organizations should focus on preparedness to avoid paying ransoms altogether and be able to swiftly recover their data. Paying the ransom does not guarantee an immediate fix; it can still take weeks to regain full functionality.
Cybersecurity insurance has gained traction, with MarketsandMarkets forecasting the global market to reach $11.9 billion in 2022 and $29.2 billion by 2027. However, obtaining coverage is no longer as simple as contacting an insurance agent. Insurers are now mandating that companies implement cybersecurity risk controls before providing coverage. Tilley explains that insurers have learned from past experiences and now give significant weight to payouts when offering cyber insurance coverage.
To address these challenges, Tilley recommends CISOs prioritize preparedness by having discussions and planning before an incident occurs. Waiting until after an incident to make crucial decisions is not ideal, which is why spending resources on preparedness early on will save a lot of trouble down the line.
In conclusion, enterprises must recognize the evolving landscape of cyber threats and take proactive measures to protect their organizations from increasingly advanced attacks. Prioritizing security investment, visibility, and preparedness will enable them to mitigate risks effectively and respond rapidly to incidents like ransomware attacks. Ultimately, safeguarding critical assets and ensuring business continuity are paramount in today’s digital landscape.