Digital space remains a critical field to hold high vigilance from bad actors that loom to steal data and ruin businesses and lives in exchange for money or information. Cybersecurity efforts have been abruptly bolstered with the sudden surge in cybercrime which came along with unanticipated digital migration of businesses, stemming from the COVID-19 Pandemic. More than a handful of hits have been caused by ransomware, attacks which make use of data encryption, lockout, or even deletion unless paid ransom dues. Payment of ransom demands does not even guarantee data recovery, therefore this particular cyber-assault cannot be and must not be overlooked.
WHAT HAS BEEN HAPPENING LATELY?
Prominent corporations such as Toshiba and AXA have been recently reported victims of ransomware attacks, yet SMBs and even local governments remain as susceptible, and as a matter of fact, comprise the large pie of successful attacks. In 2020, the Philippines ranked 6th in the global number of recorded web threats, accounting for 44.4M computer web-borne threats. Cybersecurity Group Sophos has also reported a 12% increase in ransomware attacks targeted at Philippine corporations in 2021, and this costed an average of PHP 40M inclusive of ransom payment and downtime costs. Ransom extortion insurance claims have more than doubled over the course of the pandemic, and costs for recovery from a ransomware attack have drastically increased, even doubling over a span of months.
WHY DOES RANSOMWARE WORK?
To understand the adversary, it is imperative to understand the nature of the modus and its target. The effectivity of ransomware may be attributed to many factors, namely as follows:
The human element—the weakest link in the chain of security. In the absence of work-issued laptops, the use of personal workbooks with lower protection for work becomes the easiest point of access for network infiltration. Moreover, untrained individuals are highly susceptible to scams like phishing, and even trained ones may be caught off-guard.
Large network size. More potential points of entry mean higher vulnerability. Large assemblies like universities have difficulty managing this as, with the human element in mind, students access data with personal devices while connected to the school network.
Need for swift processing. Independent from human error, technology may fill in the gap. Yet, for organizations like hospitals wherein operation speed is an essential factor, ease of data access becomes a double-edged sword as it also allows easy data access externally once penetrated.
Data sensitivity. Technology is not immutable, that is why update patches are released frequently. Inadequate protection, including updating, leads to high risk. If hit, high stakes companies like financial firms suffer the largest blow due to the nature of their work. Hence, ransomware demands become extremely effective once a successful hit is blown, and the vicious cycle continues as payment encourages more exploitation and malware innovation.
WHAT ARE THE BEST PRACTICES?
ASSUME YOU WILL BE HIT. Do not wait to get hit before you prepare for cyberattacks, for it would be too late by then. Comprehensively review your cybersecurity side-by-side with the reasons why ransomware attacks work. With the human element, social set-up, and technology in mind, resounding the diagnosis of IT experts and cybersecurity specialists around the world, we likewise highly recommend working on the following procedures:
- Make back-ups and keep an offline copy.
- Keep your OS and software up to date.
- Deploy layered protection.
- Combine the skills of IT experts with advanced technology.
- Train employees on best practices.
- Do not pay ransom.
- Prepare a comprehensive recovery plan.
Even for small organizations, and especially because of this smallness, sufficient protection is required to thrive. It may be that you are not the main target of extortion, but you may serve as a vector to infect others. The bottom-line: Do not wait to practice excellent IT hygiene.