The never-ending nightmare

Ransomware hackers have the power not just to take files, but also to impact the running of an entire organisation

Like many of the misfortunes that plague businesses, ransomware is something that always seems to be happening to others - until it happens to you. It is then that its impact is properly understood and felt, as the nightmare you don't seem to be able to wake up from.

According to the head of the National Cyber Security Centre (NCSC), ransomware attacks present "the most immediate danger" to the UK, with cyber-attacks linked to the Covid-19 pandemic also likely to be prevalent for many years to come. Lindy Cameron warned that cybercriminals and other malicious actors continue to see ransomware as an "attractive route", as long as firms do not adequately protect themselves or agree to pay the ransom when attacked - something the NCSC has consistently exhorted companies not to do.

STERN WARNING
Chris Harris, Europe, the Middle East and Africa (EMEA) technical director at Thales UK, says Cameron's comments should serve as a stern warning to all companies around the world. "As we have seen by the increase in attacks this year and diversity of victims - from SolarWinds to Ireland's Health Service, Hackney Council and the Colonial pipeline - no one is immune to a hacking attack and the impacts can be devastating.

"One of the biggest misconceptions around ransomware is that hackers are only after a quick pay day and the only real damage done is to a company's reputation. The reality is hackers have the ability not just to take files, but also impact the running of an entire organisation - from taking down payroll to compromising critical national infrastructure, which can have a detrimental effect on the public. In the worst cases, ransomware can present a real physical threat to individuals' lives - for example, when hospitals are attacked and patients put at risk," he adds.

All businesses must wake up to the wide-ranging risk of ransomware attacks, he adds, and enact the right security and backup controls to ensure their entire company and its customers don't become victims of a potential attack. "This means understanding where data is held and protecting it at its core with encryption measures that only those authorised can access."

ATTACKS STEPPED UP
Research from managed security services provider Orange Cyberdefense reveals there has been a 13% increase in cyberattacks on enterprises over the past 12 months, with a rise in ransomware incidents and, for the first time, a noticeable wave of attacks against mobile devices. The 'Security Navigator 2022' provides a detailed analysis of more than 50 billion security events analysed daily over 12 months by the company's 18 Security Operation Centers (SOCs) and 14 CyberSOCs across the globe.

Of the 94,806 incidents flagged during monitoring as potential threats, analyst investigation confirmed 34,156 (36%) to be legitimate security incidents - a 13% increase on the year before. More than a third (38%) of all confirmed security incidents were classified as malware, including ransomware - an increase of 18% on 2020.

The report found that almost two thirds (64%) of the security alerts dealt with by Orange Cyberdefense analysts turned out to be 'noise' and did not represent a genuine threat - an increase of 5% on the previous year. The findings suggest that many organisations, particularly small and medium sized businesses, will require more resources to filter this massive amount of data for potential threats. The risk is that these businesses will become increasingly vulnerable to attack as the level and volume of activity continues to rise.

POPULAR TARGET FOR EXPLOITS
The Security Navigator also reports that mobile operating systems like iOS and Android in a business context are an increasingly popular target for exploits. Many of the activities appear to be related to commercial companies contracted by law enforcement and intelligence agencies. However, the vulnerabilities and exploits developed are unlikely to stay in that realm: they have in the past found, and will likely in the future find, their way into the criminal ecosystem as well (such as the WannaCry attack of 2017).

Orange Cyberdefense predicts attacks targeting mobile devices are likely to continue on this upward trajectory. "This is a development that security professionals will need to pay closer attention to. Mobile platforms are key in modern access protection concepts, namely multi-factor authentication (MFA), which is commonly used in corporate environments to protect cloud access, for instance," it states.

Another key finding of the new Security Navigator is that malware, including ransomware, was the most common type of threat reported across the analysis period, with 38% of all confirmed security incidents classified as malware - an increase of 18% on 2020. Among the key malware trends were:

  • A decrease in confirmed downloader activity (malware that downloads and runs other malware on affected systems) in November and December 2020 after the Trickbot botnet was taken down by law enforcement, and in January and February 2021, directly after Emotet was taken down
  • An inverse correlation between the stringency of Covid-19 lockdowns and the volumes of downloader and ransomware activity: the more stringent the lockdowns, the less of this activity, running contrary to the prevailing narrative that attacks increase when users work from home
  • Large organisations see more than double (43%) the number of confirmed malware incidents that medium-sized businesses do.

"Attacks like Solorigate show that even trusted software from reliable vendors can turn into a trojan horse for cunning attackers," says Hugues Foulon, CEO of Orange Cyberdefense. "Technology alone cannot be the solution to this problem and, as our data shows, we have seen a 13% increase in the number of incidents in just one year and these incidents keep increasing year on year. A large proportion of the tech-driven security alerts that our analysts deal with are just noise, but this puts a tremendous strain on already stretched IT and security teams.

"Indeed, not all businesses have the means or resources to employ managed security services providers to help them sift through the 'noise' and find the actionable security 'signals'. We thus believe that security technologies can, and must, do better."

DEVASTATING IMPACT
The EY Global Information Security Survey 2021 (GISS) illustrates the devastating and disproportionate impact that the COVID-19 crisis has had on a function that is striving to position itself as an enabler of growth and a strategic partner to the business.

Through a global survey of more than 1,000 senior cybersecurity leaders, it finds CISOs and security leaders grappling with inadequate budgets, struggling with regulatory fragmentation and failing to find common ground with the functions that need them the most. "Indeed, the upheaval of the global pandemic has created a perfect storm of conditions in which threat agents can act," says EY. "Since the 2020 GISS report, there has been a significant rise in the number of disruptive and sophisticated attacks, many of which could have been avoided had companies embedded security by design throughout the business."

Amongst the challenges that besiege them is, not surprisingly, ransomware. As organisations rolled out new customer-facing technology and cloud-based tools that supported remote working and kept the channel to market open, the speed of change came with a heavy price. "Many businesses did not involve cybersecurity in the decision-making process, whether through oversight or an urgency to move as quickly as possible. As a result, new vulnerabilities entered an already fast-moving environment and continue to threaten the business today."

LONG-TERM IMPACT ASSESSMENT
At the time of writing, CISOs and their teams may not yet have completed a full assessment of the long-term impact that their company's new technology will have on its defences, states EY. But, in the meantime, it's likely that their colleagues are continuing to use the technology regardless.

"The urgency of the crisis meant that security was overlooked, even while organisations were opening up systems that had never been open before," reflects Richard Watson, EY Asia-Pacific cybersecurity risk consulting leader. "Not all organisations acknowledge they now need to go back and address those issues."

DISRUPTIVE ATTACKS INCREASE
The risks of moving on without addressing the issues are, however, very real and increasingly urgent. More than three in four (77%) respondents to this year's GISS warn that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months. By contrast, just 59% saw an increase in the prior 12 months.

"Yet CISOs are struggling to make themselves heard," points out EY. "Most respondents (56%) admit that cybersecurity teams are not consulted, or are consulted too late, when leadership makes urgent strategic decisions. While some maintain that this happens 'not very often', it only needs to happen once for a flaw in the defences to be exploited by threat actors."

An additional concern, at least in the US, says the report, is that the Department of Justice has raised ransomware attacks to the same priority level as terrorism and is coordinating investigations through a task force in Washington. Might the UK follow that lead?

TRANSFORMATIONAL ROLE OF CISOS
"CISOs are central to an organisation's efforts to transform and deliver long-term value," says Errol Gardner, EY global vice chair-consulting. Discussing how CISOs should position themselves as enablers of transformation, Gardner adds: "While CEOs are on a path to realise their vision and successfully transform their businesses through technology, they can't afford to turn a blind eye to the cyber risks this poses.

"At the same time, it falls on CISOs to ensure that CEOs have the right understanding of the value that investing in cybersecurity brings and that they recognise that as an integral part of the transformation journey. Investing in building a strategic relationship between CISOs, CEOs and the rest of the C-suite will help ensure that transformation programs are not only successful, but also implemented in a cyber-secure way for the organisation and its people."

RANSOMWARE ATTACKS SOARING BY 70% EVERY MONTH
Meanwhile, as reported by Channel Eye, cybersecurity and GDPR compliance platform Naq Cyber has warned that ransomware attacks are increasing by 70% every month. Millions of businesses have moved their proposition online and shifted to remote working since the pandemic started, but many still have little or no online protection in place and are therefore still vulnerable to these attacks, the report finds.

The data also showed that one in six small businesses in the UK that had been impacted by a cyber-attack almost had to shut their doors, due to the severity and impact on their business.

"Ransomware continues to work tremendously well and shows no sign of slowing down, due to the ease and speed with which companies choose to pay," states Jake Moore, cybersecurity specialist at ESET. "The figures attributed to ransoms are often chosen by the attackers, in relation to the wealth of the business. The problem isn't always how much a company pays; it is if they pay anything at all.

"When an organisation chooses to pay a ransom, they are admitting defeat and funding the ransomware business cycle, which continues the problem."

So, where does the solution to the problem lie? In better protection and quicker restoration, along with regular tests, he argues. "It is often not that a business cannot restore at all, but that it cannot restore 'back to business as usual' quickly enough. This just adds fuel to the fire and continues ransomware on its staggeringly problematic journey ahead."