In the Asia Pacific (APAC) region, ransomware has become a productive and challenging problem for companies in all industries. the Average cost Fixing a ransomware attack increased by more than $ 1 million, with remediation costs, including business downtime, lost orders, operational costs, and more, from an average of $ 1.16 million in 2020 to $ 2.34 million increased in 2021. APAC organizations are 80% more likely than the global average to be targeted by a cyber attack.
It’s not just the propensity, but the type of attacks that we face as more and more cyber criminals target customer and supply chains and take over government organizations or large private companies (like Kaseya). Earlier this year, the Singapore Cyber Security Agency (CSA) reported a 154% increase in ransomware casesthat affects small and medium-sized businesses in sectors such as manufacturing, retail and healthcare. As recently as August 2021, a ransomware attack in the city-state affected the personal data and clinical information of over 73,000 patients at a private eye clinic. In addition, a leading insurer, Tokyo Marine Insurance Singapore, and technology company Pine Labs were also victims of ransomware attacks in the same month.
Ransomware development a major concern in APAC
In 2021, cybercriminal groups acted much like a SaaS tech company in what can be called ransom-as-a-service to operationalize attacks and monetize them as much as possible.
This has signaled a huge change compared to traditional ransomware, as these attacks are no longer based solely on automated malware and are therefore not nearly as predictable. We often don’t see it until it’s too late, so we need to understand the attackers first and then isolate them in our environment as soon as possible before the malware shows up. RansomOps is a departure from traditional malware that is delivered in a much more predictable and automated manner.
Additionally, the pandemic has resulted in massive cloud adoption, and alongside that we’ve seen RansomOps subsidiaries look for new ways to target across public cloud platforms like AWS and Azure. This offers attackers the opportunity to get even faster than the already fast 8-30 days from the first access to the ransom. In fact, these attacks can be completed in a day.
It is becoming more and more apparent every day that we need robust cybersecurity systems and solutions to protect not just our data, but all of our business operations and, essentially, the livelihoods of our employees. There is no panacea for all things cybersecurity. However, as a starting point, companies need a strong cyber resilience policy. To do this, the mindset must go from “when” we will be compromised to “when” we will be compromised. Once that mindset change has taken place, the policy must take people, processes, and technology into account to ensure that security teams have a clear view of all assets on the network, including the cloud and data center infrastructure.
Security best practices to combat ransomware
A high level of transparency is key to identifying the attack surfaces to which the company is exposed. To be prepared for this, you need to make sure that your organization can identify violations quickly. This means that you will regularly participate in rigorous exercises that review security controls, existing processes and procedures, and identify any gaps. Make sure you patch well and carefully, and are running the latest security software with a strong strategy on the network and at the endpoint.
APAC companies must also invest in ongoing cybersecurity training of all their workforce. We need to ensure that boards of directors are aware of the risks of RansomOps and the potential impact it can have on the company. Practicing how the company responds to a ransomware incident through tabletop exercises with all senior officers and board members is an effective method. This shows the responsibilities that the company has to protect itself in the event of such incidents and ultimately shortens the response times in the specific case.
With a technology partner who specializes in threat detection and response, you can break everything down into very detailed attack phases – command and control, reconnaissance, lateral movement – and exfiltration. You can break this down further into specific behaviors during these stages to help identify what could possibly be a ransomware incident early and to ensure normal operations. Overall, organizations need to establish a corporate culture that understands risk and then implements risk-mitigating technology controls backed by procedures for identifying, responding, and recovering from cyber incidents such as RansomOps.
#Ransomware #RansomOps #Businesses #Increasingly #Vulnerable #APAC #CPO #Magazine