There are rare occasions when you open the news and don't find anything about cybersecurity in the headlines. According to the Australian Cyber Security Centre (ACSC), Australia has dealt with a cyberattack every 8 minutes in the financial year 2020-21, with over 67,500 cases of cybercrime registered in the same year.
Studies indicate that ransomware is one of the most frequent and damaging types of malware leveraged by cybercriminals. ACSC’s Annual Cyber Threat Report highlights that over 500 ransomware attacks were reported last year in Australia — a 15% increase in comparison with the year before.
While ransomwares have historically been targeting specific businesses, the recent cases show that these are in fact equipped to handle operations to disrupt critical infrastructure at large of a country and have effects felt by the society. Many words have been written about ransomware. However, there is still a lack of absolute clarity on how these attacks behave, which makes it difficult for companies to develop effective tactics to protect themselves.
In addition, ransomware encryption speed often renders risk mitigation as the primary defence, leaving organisations to manage consequences after an attack. A recent study by SURGe, Splunk’s strategic cybersecurity arm, found that a median ransomware can encrypt nearly 100,000 files or 53.93GB in forty-two minutes and fifty-two seconds. In other words, if an organisation is attacked by a successful ransomware infection, in less than an hour it can lose access to critical IP, employee information, and customer data.
The goal of this research was to understand if organisations were realistically prepared to react in time for effective mitigation in case of a ransomware attack. The timeline provided is clear in showing how limited is the window organisations have to respond in this kind of situation before the encryption is complete and the accesses are lost, especially considering that, as found by the Mandiant M-Trends report, the average time to detect compromise is three days.
With such a limited window, it’s unlikely that most organisations will be able to avoid a total loss of data from a ransomware attack. It also indicates how, more than ever, we must focus our efforts on developing mindful prevention strategies and decrease the reliance on response and mitigation in the event of an attack like this.
There are several practical steps and strategies that can be adopted — from better patching to asset inventory — but it’s clear that it all starts from moving left on the cyber kill chain and detecting delivery or exploitation rather than acting on the objective. Investing in prevention has also proved to be more cost-effective for organisations than the expenses that can be incurred in an attempt to recover from a ransomware infection.
The concerning volume and the advancement in the complexities and sophistication of these attacks combined with the significant uptake of online activities thrust by the pandemic put cybercrime at the heart of the national and international security context. This also makes regular reviews of security procedures and identification of new cyber threat combatting techniques an imperative.
What we can take from this is that risk mitigation must be a proactive and strategic focus from now on. Once attacked, ransomwares do not leave enough time to counteract — and that’s a risk we can’t afford. While governments and corporations across the world are rolling up their sleeves to combat cyberattacks and their impact on critical infrastructure, prevention and protection are essential. As cybercriminals constantly advance their techniques and adapt quickly to changes and disruptions, it is on each of us and every organization to keep up to date and identify innovative and effective ways to shield from these attacks.