Ransomware is big business – here is what Singapore businesses should know
By Justin LohCities around the world including Singapore were laid bare by the pandemic that has forced businesses to start working from home on a massive scale. But it doesn’t just end here. This new model has dramatically broadened the cyberattack surface. Remote workers are now easy conduits to corporate resources, and most organisations are unprepared to spot unusual network activities generated by these remote users.
As the physical world comes to a temporary stall, the digital world – accelerated by remote working– is busier now than ever before, lifting the veil on ransomware’s long game.
A modern-day hostage situation
In the past, ransomware was something that only affected a few unlucky people who were forced to pay a couple of hundred dollars to regain access to their locked-out laptops. The Federal Bureau of Investigation (FBI) announced back in 2016 that the ransomware business will cross the US$1b threshold in the same year. Fast forward to present time, it is a multibillion-dollar-a-year industry, as cyber criminals pin the bullseye on vulnerable organisations.
Ransomware is on the rise in Singapore with 35 cases in 2019, according to a report by the Cyber Security Agency of Singapore (CSA), an increase of over 50% from 2018. Most of the attacks were targeted at the travel and tourism, manufacturing, and logistics industries. CSA also revealed a nearly three-fold increase in the number of phishing URLs hosted in Singapore. Commonly spoofed local firms included technology firms, banking and financial organisations and e-mail service providers. Immigration & Checkpoints Authority (ICA), Ministry of Manpower (MOM) and Singapore Police Force (SPF) were the most spoofed government organisations.
Attackers do not need to use fancy exploits – all it takes is for an average user to click on a malicious link in a phishing email for felons to infiltrate a system.
To negotiate or not to negotiate with cyber felons?
The costs do not stop with the ransom payout, according to a ransomware survey we conducted with 12,000 consumers across the world. Our survey findings showed that people want to see fines and compensation too. On top of this, there is the significant cost incurred to get a business back on its feet with downtime, loss of production, and challenges to deliver or bill for products. Where does it end? Despite the advice of many ransomware experts to never pay the ransoms, the number of organisations that are giving in to the extortion demands of cyber criminals have risen in recent years.
Whilst there's no shortage of ransomware attack examples, our study suggests some cognitive dissonance. For instance, 71% of respondents said companies shouldn't pay ransoms to hackers, but 55% demanded businesses to pay a ransom if their own personal data was at risk. The numbers point to a nascent blame game, which brings us to an even bigger problem that few, if any, companies are prepared for: Customers are increasingly laying the blame on companies, specifically their CEOs, rather than on the hackers perpetrating the attacks.
The numbers are sobering, as many as 40% of consumers we spoke to hold the leader of the organisation personally responsible for the attacks. It may seem that businesses are in an impossible situation with customers telling them both to pay – and not to pay – ransoms.
Small and medium-sized enterprises (SMEs) account for most businesses in Singapore and are especially vulnerable to ransomware as they may not invest in, nor have the resources of the bigger companies. No business is immune to cyber-attacks.
Ransomware is no longer a game of chance
Hackers are productive with their time, and they attack where there's opportunity and money. No strategy for dealing with a ransomware attack is without risk. Ransomware is about detection, protection, mitigation and recovery. Historically, IT have separated the first two into security and the last two into data protection.
However, we’re seeing how ransomware is changing administrative behavior. Security and data protection teams are now collaborating to address cyber threats unlike in the past where they used to address their issues in silos. Here is a four-step checklist to build resilience against cyber threats such as ransomware.
- Protect your IT systems by implementing the necessary personnel training to identify security gaps and invest in malware prevention tools and access management systems. For SMEs, the most sensible solution might be simply to upgrade to an operating system that has ongoing support and keep the patches up to date.
- Mitigate the impact of an attack by analysing the scope of infection and responding immediately with remediation tools
- Consistently monitor your IT environment by running anti-ransomware and intrusion detection tools
- You’re only as good as your last backup – ensure regular and successful backups; isolate and secure them with data recovery capabilities
Many businesses in Singapore can be too fixated on prevention with detection software and tools, but the best long-term defense is a proactive and collaborative data protection approach that cuts across all physical, virtual and cloud environments – bringing together the right people, processes and technology.
There is an often quoted saying that "culture eats strategy for breakfast" and that holds true when it comes to data protection. Understand the risks and have a tried-and-tested data protection solution in place before the hackers come with their demands.