By Brian Pinnock, cybersecurity expert at Mimecast -
Even as the world remains in the grip of a global pandemic that is showing no signs of abating, another threat is vying for the crown of number one risk to the global economy.
In scenes reminiscent of action thrillers, high-tech criminal organisations are targeting high-value organisations and critical national infrastructure.
Data is being locked away in encrypted formats and criminals are demanding ransoms for millions in exchange for the release of data or, in some cases, the promise to not release sensitive customer and company information such as passwords and ID numbers publicly (in what is known as double extortion attacks).
These ransomware attacks are forcing organisations offline, which can lead to major disruption of an organisation and their supply chains. Downtime means organisations are unable to deliver services which could be catastrophic when it affects critical national infrastructure.
Following a series of highly publicised ransomware attacks on businesses and critical US infrastructure, the US Department of Justice has announced it is elevating investigations of ransomware attacks to a similar priority level as terrorism.
Recent research by IBM also brings into stark relief the cost of data breaches to Middle East organisations. According to the latest data, the Middle East incurs the second-highest average cost per data breach of 17 regions surveyed, a staggering $6.93-million per data breach.
However, in a twist of irony, ransom payments are playing into the hands of criminals. When an organisation suffers a ransomware attack and makes the payment, they become prime targets for future attacks. And cyber insurance is no longer the silver bullet: many insurance firms no longer cover the cost of ransomware payments.
What can organisations do in response to the growing threat of ransomware attacks?
First, harden the email perimeter. Email remains the most attractive attack vector. Using a mature, cloud-based secure email gateway with advanced inbound and outbound scanning remains the most effective way to do that.
Second, deploy a layered email security strategy to augment the built-in email security of solutions such as Microsoft 365.
Third, protect and preserve corporate data by archiving to an independent, separately secured environment. This allows organisations to recover their data in the event of a successful ransomware attack while also maintaining a lean amount of data that reduces the organisation's exposure and attack surface.
Next, establish an email continuity plan that allows you to continue operating in the event of a cyberattack or other disruption. As the lifeblood of modern business productivity, email is essential to keeping the business running in the wake of a disruptive event, including ransomware attacks.
Fifth, support end-users by empowering them with regular and effective cybersecurity awareness training. This helps strengthen overall organisational defences and removes opportunities for threat actors to breach the perimeter due to human error or negligence.
Sixth, employ new technologies such as AI and machine learning to bolster the capabilities of security teams. Such tools can be invaluable in helping recognise patterns for detecting threats or vulnerabilities, equipping security teams with greater visibility over potential risk areas.
Finally, organisations must monitor and control shadow IT. With the rise of the hybrid digital workplace, the lines between employees personal and professional lives are increasingly blurred. Unsecured Wi-Fi, public file sharing services and insecure website access all increase the risk to the user and, by effect, the organisation. By gaining greater visibility over applications, security teams are better able to monitor which apps are being used and block those that pose a risk to organisational defences.
Oman Observer is now on the WhatsApp channel. Click here
