Ransomware is the new data breach.
Nowadays, cybercriminals are no longer content just exfiltrating data and either leaking it on the dark web or selling it to the highest bidder. Instead, they would rather hold that data hostage and demand payment for its release. Then, once payment is made, often via cryptocurrency, everyone can go on with their merry ways—the cybercriminals a few million richer, the victimised company a few million poorer and the data back safely (if the attackers hold up their end of the bargain).
Alarmingly, ransomware is apparently becoming more prevalent in the Asia Pacific region. Compounding matters is that these attacks are ever-evolving and are now certainly a legitimate cause of concern for organisations in the region—more so for the bigger, more established ones, as they can, in theory, pay bigger ransoms to preserve their reputation and avoid significant downtime.
“Ransomware attacks continue to get smarter and more sophisticated, zoning in on organisations where they can drive the biggest revenues,” said Gary Sievers, Vice President of Channel Sales and Alliances, APJ Region at Veritas. “According to Veritas research, the average organisation in the Asia Pacific region has experienced 2.07 ransomware attacks that led to downtime in the last 12 months.”
This uptick in ransomware attacks in the region, as Sievers points out, reflects a global trend of ransomware becoming the modus of choice of cybercriminals. Many, according to Sievers, are actively targeting vital industries, like oil and gas, telecommunications and healthcare, and “attacking data and applications in the cloud and in on-premises systems equally.” In the Asia Pacific, in particular, cybercriminals have been taking advantage of the pandemic to target hospitals, medical centres and public institutions.
“A recent incident that may not have yet received the attention it warrants is the discovery of malware capable of escaping from a container to infect an entire cluster. First uncovered in March by a Palo Alto threat researcher, who named it Siloscape, it can be exploited to hold files hostage in a new breed of ransomware attack,” added Sievers. “This reminds us that malicious actors are always looking for more effective ways to hold data and workloads to ransom. What’s important is that organisations stay up to date and maintain a well-configured and secured IT environment.”
Ransomware Response: Realigning Data Storage Strategies
One thing of note in all this is the impact the COVID-19 pandemic has had both on digitalisation and the much broader, more expansive digital transformation of Southeast Asian organisations looking to leverage the best technology has to offer in this digital age. The numbers bear out this reality, with the Bain & Company report ‘Digital Consumers of Tomorrow, Here Today’ noting how the pandemic crammed five years’ worth of digital transformation into a single year—2020.
To wit, the number of digital consumers in the region, or those who purchase something online, is said to be 310 million—a number Southeast Asia was expected to reach only in 2025. That means as of now, 69% of the region’s 15 and above population are now digital consumers who have made over USD $85 billion in payments digitally. Average digital spending per person in Southeast Asia also rose last year to USD $172 and is expected to reach USD $429 in 2025, in the process underpinning why organisations have been so quick to go digital as well.
These developments are not lost on Sievers, telling CSA: “The global pandemic has changed the way we work, communicate, and do business—perhaps permanently. As a result, IT organisations have been forced to accelerate their digital transformation strategies to increase automation, manage workloads seamlessly across on-premises and multi-cloud environments, and facilitate application deployment.”
But for all the advances organisations are making in automation, workload management, cloud use and app development, something seems to have gotten lost in transition, either completely overlooked or perhaps misunderstood to a degree (hence resulting in less than ideal implementation). That something is cybersecurity, and the lack of due attention given to it can have disastrous consequences, especially now that ransomware attacks are more accessible than ever, no thanks to the rise of Ransomware-as-a-Service. This is compounded by the increase in the number of hacks and data breaches in the region, like the MyRepublic breach in September and the Starhub incident in July.
“In many cases, most organisation’s protection infrastructures are lagging behind, with 37% of organisations in APAC saying that their security hasn’t kept pace with their COVID-led transformation projects,” rued Sievers. “Until organisations can bring their protection infrastructure up to speed, they will remain exposed and vulnerable to data-loss incidents, such as ransomware.”
Curiously, organisations are now well aware of the threat of ransomware and are genuinely concerned about losing their precious data. Unfortunately, many of them are yet to recognise why it is crucial to invest in technologies such as advanced email security, segmentation and sandboxing, along with cybersecurity mainstays, like NGFW, SWG and EDR for detecting, preventing and limiting ransomware.
Sievers is likely fully aware of this limitation, which is why he is not entirely confident that the region’s cybersecurity infrastructure will be up to par immediately.
“It is unlikely that this gap is going to be closed any time soon, however, since APAC organisations say it will take them, on average, another two years to mitigate the disparity caused by COVID-led transformation,” observed Sievers. “In order to reduce that to one year, they would each need an extra USD $2.54 million and 32 full-time members of IT staff. There is a clear desire to address data protection as soon as possible, though, with 34% of APAC organisations saying that data management is their number-one priority for this year.”
Sievers added: “Organisations can be sure of two things: That they will face ransomware attacks and that remediation will be required. This knowledge can empower them to improve the way they manage information, with a positive impact on cost and the user experience.”
For that, Sievers is advising organisations to have a framework to support the Protect, Detect and Recover components of their overall cybersecurity strategy. Per Sievers:
Protect: Data protection solutions must be able to back up all enterprise workloads, including those in third-party cloud facilities. Data encryption, immutable and indelible storage, and zero-trust access are required at enterprise scale.
Detect. Threat detection is the next step. Artificial Intelligence (AI)-based automated anomaly detection is now possible and should extend across the entire storage environment, including an organisation’s backup data.
Recover. Finally, recovery demands true multi-site, application-aware resiliency. A trusted platform can automate and orchestrate a complete cross-site or cloud restoration at the click of a button, ensuring both data and applications are up and running again.
Additionally, Sievers is offering Veritas, a global leader in enterprise data services, as a possible solution to an organisation’s data management and protection needs. It has integrated technology and solutions that deliver availability, protection and insights to solve data challenges for companies of all sizes.
“Our availability solutions, including our InfoScale™ software-defined infrastructure, help businesses keep their mission-critical applications up and running, minimising downtime and providing application resilience and storage efficiency across multi-cloud, virtual and physical environments,” explained Sievers. “Our flagship NetBackup data protection solution delivers flexibility, simplicity and resilience, extending ransomware protection to every part of the enterprise—from edge to core to cloud, and from traditional to virtualised to containerised environments.”
Sievers added: “Veritas data insights tools and services, such as our Enterprise Vault™ archiving solution and APTARE IT Analytics™ platform, help organisations gain visibility into their data, storage and backup infrastructure, so they can take control of data-related risks. That’s why the world’s ten largest FSI organisations rely on Veritas.”
But the biggest challenge, according to Sievers, is that the data that enterprises want to protect from ransomware attacks is spread across lots of different platforms, applications and locations. This means an enterprise might consider getting protection specifically for one platform only and then another for a different application or location. As a result, “the management burden can quickly grow and grow,” leading to an increased risk of errors.
It is in this context that Veritas stands out as among the best data management solutions an organisation can invest in as it delivers a single platform that provides visibility, availability and resilience from edge to core to cloud. It also enables easier multi-cloud management at scale through a single pane of glass. Its flagship data protection solution, Veritas NetBackup, in particular, supports more than 800 different data sources and over 100 operating systems, with 1,400 storage targets, across more than 60 clouds.
Suffice to say, organisations that want to keep their data secure and protected from ransomware and other kinds of cyber attacks will have to invest in robust cybersecurity solutions, like the ones offered by Veritas.