Why the current climate is increasing ransomware threat
According to , ransomware attacks increased by 20% in the first half of this year. When we look at this in terms of the number of ransomware attacks, it’s 121.4 million ransomware attacks by July 2020.
So, what’s contributed to this rise in attacks? The global pandemic, which has disrupted every industry, impacted every single person, and affected economies across the world, has contributed. But it’s not the only factor. While we can’t ignore the pandemic, we also can’t ignore political and social movements that not only impact our daily lives, but also contribute to creating a perfect environment for ransomware attacks.
But what is it about these events that have led to a rise in ransomware? And how can businesses stay safe when the threat of attack is at an all-time high?
Understanding the ransomware threat
First, it’s important to understand what the threat of a ransomware attack looks like. Compartmentalised definitions have led many businesses to believe ransomware is a type of attack. But it’s not a type of attack—it’s a model of attack that can take many forms. When a cybercriminal performs a ransomware attack, they’re ultimately thinking “how can I compromise someone’s cybersecurity, and monetise it?”
When we think of the ransomware attacks that have done the most harm, they’ve been attacks targeted at governments, or at counties and cities. Whether it’s denial of service or disruption of services, the aim has been to cause disruption to enough services that cybercriminals can get a bigger paycheck.
But while the paycheck is important, so is making the process as simple as possible. Which means cybercriminals are looking at ways to innovate so that they can cut out the middleman. The recent Twitter hack, which targeted the accounts of Bill Gates, Barack Obama, Kanye West, and Elon Musk was a perfect example of this—eliminating the middleman and facilitating direct payments quicker.
The attractiveness of this model is only going to rise. Cybercriminals are going to favour attacks that can cause as much disruption to businesses and services as possible. And simplicity of payment is how these attacks will evolve.
The time is now
So, what is it that has caused the sudden rise in ransomware in 2020?
The economic downturn caused by the Coronavirus pandemic is a contributor to the rise in ransomware. Whenever there is a period of economic uncertainty, cyberattacks tend to rise— more people at home, higher unemployment, and more people trying to make ends meet leads to more cybercriminal activity. And throwing global lockdowns into the mix only intensifies these side-effects.
We also can’t ignore the social movements we are seeing take place across the world coupled with political unrest. With all of these life events coming together simultaneously, it creates the perfect business opportunity for the bad guys and spells higher risk for the good. Businesses need to be prepared.
Keeping safe from ransomware
While this new highly charged environment creates a higher security risk, there are ways in which businesses can help ensure they remain safe.
Awareness is key. Businesses will need to be much more diligent when it comes to phishing—notifying teams will be important. Knowing that the level of threat is higher can help ensure that the crown jewels aren’t compromised.
It’s also important for IT and security teams to listen, to watch, and to understand the IT environment. Look for deviations, and look for activities that might seem a little off. And don’t discount anything—of course there will be instances where the obviously abnormal things are abnormal—but look out for the outliers too.
Finally, ensure no stone is left unturned, and look for the small areas of compromise. While being on ‘high alert’ will require some more time and effort, putting your own guard up might be the difference between staying safe, and becoming a victim.
The threat of ransomware is only set to rise given the lasting impacts of the Coronavirus pandemic. Businesses need to ensure they are aware of the threat, and take the necessary steps to ensure they stay safe.
By Tim Brown, VP Security, SolarWinds MSP
IT Employees Predict 90% Increase in Cloud Security Spending
As companies get back on their feet post-pandemic, they’re going all-in on cloud applications. In a recent report by Devo Technology titled “Beyond Cloud Adoption: How to Embrace the Cloud for Security and Business Benefits”, 81% of the 500 IT and security team members surveyed said that COVID accelerated their cloud timelines. More than half of the top-performing businesses reported gains in visibility. In fact, the cloud now outnumbers on-premise solutions at a 3:1 ratio.
But the benefits are accompanied by significant cybersecurity risks, as cloud infrastructure is more complex than legacy systems. Let’s dive in.
Why Are Cloud Platforms Taking Over?
According to Forrester, the public cloud infrastructure market could grow 28% over the next year, up to US$113.1bn. Companies shifting to remote work and decentralised workplaces find it easy to store and access information, especially as networks start to share more and more supply chain and enterprise information—think risk mitigation platforms and ESG ratings.
Here’s the catch: when you shift to the cloud, you choose a more complex system, which often requires cloud-native platforms for network security. In other words, you can’t stop halfway. ‘Only cloud-native platforms can keep up with [the cloud’s] speed and complexity” and ultimately increase visibility and control’, said Douglas Murray, CEO at cloud security provider Valtix.
Here’s a quick list of the top cloud security companies, as ranked by Software Testing Help:
What are the Security Issues?
Here’s the bad news. According to Accenture, less than 40% of companies have achieved the full value they expected on their cloud investments. All-in greater complexity has forced companies to spend more to hire skilled tech workers, analyse security data, and manage new cybersecurity threats.
The two main issues are (1) a lack of familiarity with cloud systems and (2) challenges with shifting legacy security systems to new platforms. Out of the 500 IT employees from Devo Technology’s cloud report, for example, 80% said they’d sorted 40% more security data, suffered from a lack of cloud security training, and experienced a 60% increase in cybersecurity threats.
How Will Companies React?
They certainly won’t stop investing in cloud platforms. Out of the 500 enterprise-level companies that Devo Technology talked to throughout North America and Western Europe, 90% anticipated a jump in cloud security spending in 2021. They’ll throw money at automating security processes and investing in security upskilling programmes.
After all, company executives will find it incredibly difficult to stick with legacy systems when some cloud-centred companies have found success. Since moving from Security Information and Event Management (SIEM) offerings to the cloud, Accenture has saved up to 70% on its processes; recently, the company announced that it would invest US$3bn to help its clients ‘realise the cloud’s business value, speed, cost, talent, and innovation benefits’.
The company stated: ‘Security is often seen as the biggest inhibitor to a cloud-first journey—but in reality, it can be its greatest accelerator’.