Published on November 17, 2023, 4:12 am

Ransomware attacks have been making headlines around the world, causing financial damage and disrupting businesses and organizations. According to the Cybersecurity Agency of Singapore (CSA), ransomware remains a major issue both in Singapore and globally, with a 13% increase in ransomware incidents reported in 2022.

These cyberattacks not only affect financial institutions and businesses but also pose a threat to healthcare institutions, power companies, and even national security. In fact, one type of ransomware alone has extorted about $100 million from over 1,300 companies worldwide.

The Asia-Pacific region is particularly vulnerable to these cybercriminals, with ransomware pay rates being higher than the global average at 18.9%. Criminals are becoming more sophisticated with their methods by exploiting vulnerabilities in flexible working arrangements, such as using multiple devices and home IoT networks.

To make matters worse, criminal developers have started offering “ransomware as a service” (RaaS) on the dark web. This allows individuals without coding skills to mount an attack themselves, further increasing the number of potential threats.

High-profile attacks in the Asia Pacific region have prompted discussions about privacy laws. For example, Australia’s private health insurer Medibank is facing a class action lawsuit after personal data from millions of customers was released on the dark web. In Singapore, the Law Society had to address security gaps following a ransomware attack that compromised personal information of more than 160,000 members.

In response to these increasing threats, governments are introducing new reforms to data protection laws. Singapore has implemented new amendments to its Personal Data Protection Act (PDPA), increasing the financial penalty cap for breaches. Across APAC markets, legislation varies but privacy regulations are being revisited and accelerated. The EU’s General Data Protection Regulation (GDPR) is influencing data protection development in Asia.

Despite the potential financial losses and fines associated with ransomware attacks, it seems that companies are not taking the risk and compliance implications seriously enough. A recent survey by Veritas revealed that many companies lack preparedness for such attacks, with a low percentage having complete confidence in their organization’s backup strategy.

IT teams also face challenges in maintaining visibility across the entire technology stack due to the use of multiple cloud service providers. This lack of visibility increases the complexity of maintaining effective data management and protecting against ransomware attacks.

To strengthen data protection, organizations need to have a multi-layered strategy that goes beyond endpoint security alone. They should have complete visibility of where their data resides and understand what types of data are being used and how it is being accessed. Adopting an autonomous cloud data management platform that combines automation with advanced AI can help detect deviations in data access patterns and prevent ransomware intrusions.

Backup and recovery should always be a last line of defense against ransomware attacks but must also be integrated into a comprehensive cybersecurity strategy that includes threat detection, data recovery, and response measures. Establishing a long-term framework strategy based on the five key functions identified by the National Institute of Standards and Technology (NIST) is recommended.

In conclusion, as ransomware attacks continue to threaten businesses and organizations globally, it is crucial for companies to prioritize data protection and cybersecurity measures. By adopting multi-layered strategies and leveraging advanced technologies like AI, organizations can reduce the likelihood of being targeted by ransomware attacks and mitigate potential risks.


Comments are closed.