By Pierre Samson, Chief Revenue Officer (CRO), Hackuity
Ransomware attacks have become a serious threat. The Philippines was the third most affected country worldwide in 2022. Local companies paid $1.6 million on average to attackers last year, double the global average of $812,360. Sophisticated hacker groups are conducting larger and more frequent data intrusions.
Cybercriminal groups like AlphV BlackCat carefully select victims with apparent vulnerabilities that can be exploited easily. They extract data from the organisation and threaten to publish it unless a ransom is paid. If the victims do not respond, the group publicly shames them by revealing the leak, further ramping up the pressure. In September, Accelya, the technology provider for Philippine Airlines’ frequent flyer program, was attacked by BlackCat.
Threat actors are less inclined to stay under the radar these days. They have been vocal and willing to share details with the media of how they breached the organisation’s cybersecurity perimeter. The cybergroup that attacked AirAsia in November brazenly stated how the chaotic configuration of the airline’s network frustrated them so much that they decided to abandon their assault.
Stay prepared, stay safe
The vast majority of breaches are easily avoidable with proper cyber hygiene and effectively implemented security measures. Companies often point to the sophistication of intruders, but there is only one factor that targets can ultimately control: their own (lack of) preparedness.
Over the pandemic years, many corporations have been consolidating and rationalising their tech spending. Investments were made to digitise the business, a necessity in order to keep the lights on. IT focused its efforts on enabling remote work to keep employees and internal systems safe and functioning.
But digital transformation and ever-expanding technologies like cloud, business apps, and IoT devices also enlarged the attack surface for hackers. As a result, it has become increasingly difficult for IT departments to defend their own systems, creating a need for innovative security solutions. It’s a major reason why the cybersecurity industry is so resilient today.
What really counts now
In the past, tech leaders used to have deep pockets to spend on solutions—even overlapping ones—to keep their organisations secure. Multiple solutions nevertheless only provide a fractured view. Organisations need a single source of truth to be able to make sound judgement calls. They need less noise, fewer false positives, and proper company-specific context. They have to identify blind spots so they can implement an effective response.
You cannot protect what you do not know. Yet most companies do not have clear visibility on all their cyber assets, even with an up-to-date CMDB or the latest CAASM solution. Therefore it’s important to direct resources to where they are truly needed. In the coming months, management will be demanding tighter ROI of tech spending as the macroeconomic climate deteriorates.
A resource crunch is a risk. More trained professionals are needed to mitigate threats, but high staff turnover brings with it a knowledge gap about how internal tools and systems function.
Automation could be a solution. After all, the number of threats and risk exposures has soared to a point where humans can’t keep up anymore. Still, most companies fall back on the easiest path and fulfil only their minimal compliance obligations. That is a box-ticking mindset, as opposed to having an effective security programme that offers a more solid cyber posture.
Let’s begin with the basics
Effective security programmes involve optimised vulnerability management where low-level tasks are automated, and an effective prioritisation of management tasks that doesn’t leave any blind spots in the cybersecurity perimeter. Before you start talking about AI and the latest bells and whistles, look at where you are still using Excel spreadsheets and where teams of analysts are doing tedious, manual work. There is plenty of low-hanging fruit.
Ransomware will still be high on the list in 2023, as it is very lucrative and easy to carry out for attackers with limited risk of retaliation. According to a study, 60% of the victims actually pay the ransom. Companies want to protect their reputation, their customers’ data, and avoid financial—and penal—repercussions due to stricter data privacy laws in many jurisdictions.
Organisations are easily distracted by the latest attack news, which prompts them to ramp up their defences against the current threat. But more often, security breaches involve previously known but still unfixed IT vulnerabilities. In fact, more than 80% of cyberattacks use a vulnerability published half a decade ago. Translation: either cybersec professionals don’t care (not true) or they can’t keep up on their own (it’s time we admit that).
The fundamentals haven’t changed: Hacks happen either through social engineering or by exploiting vulnerabilities. Proper “cyber hygiene” consists of arranging awareness training for employees, who are the first line of defence, and regularly patching critical systems to have countermeasures in place. This is where vulnerability management comes in—by bringing clarity to the cyber chaos.