Ransomware has developed into a global concern. Many organisations have been struggling to tackle this issue. In Southeast Asia, it was reported that cybercrimes have increased by an incredible 600%. Even worse, globally, a ransomware attack happens every 11 seconds, incurring financial damage as large as USD $20 Billion.
Paul Hadjy, CEO of Horangi shares his insights during an interview with CSA. “What we read in headlines is really just the bigger ones, the ones that have the most effect. A lot of the [attacks] come from simple human error, employees downloading stuff on their computers and phishing emails. In general, I think it happens a lot more than what the media is reporting.”
When asked why ransomware became the threat it is today, Paul answered, “It became this way because of one reason in my opinion. It is an easy way for attackers to make money. They can do it over and over and continue to make money.”
Cybercrime: Motivations and Damages
When it comes to the motives of cyber attacks in general, while they can range from theft, sabotage, and espionage to political (where an attack is government-backed or in support of a specific government), Paul believes that monetary gain is by far the most common motivation.
Commenting on the financial damages in the aftermath of an attack, he explained, “It depends on the type of attack. Data breaches, for example, can affect the market capital of a company. Especially for companies that have a large customer base, it will really affect its revenue and that’s often unmeasurable on how much financial impact that has.”
However, if it’s ransomware, then it is easier to gauge the financial damage, “If your documents or information were locked up then you have to pay a certain amount to unlock that information again or claim insurance. So, it’s easier to calculate. Generally, it’s not as bad as data breaches because it’s private and not in large amounts but of course, there are outliers.”
How Do Ransomware Penetrate Businesses?
According to Paul, there are now a number of different ways for ransomware to infiltrate businesses. It could be through phishing, where users are convinced to download payloads onto their machines. Or documents/folders containing nefarious files are spread into shared drives. Threat actors could even take over accounts and send the malicious files rapidly across the organisation.
What makes ransomware so hard to pin down is that the cybercriminals are never sitting still, unsurprising considering the amount of money that’s at stake. Paul said some of the more sophisticated attackers are using AI and ML in their attacks. They are studying how anti-virus (which looks for signatures of viruses and malware) and EDR (which looks at symptoms and how they react) is detecting threats and figuring out new ways to get around them.
“It’s like a push-pull battle. The attackers came out with new tactics, techniques and procedures and cybersecurity companies are adjusting to that. One side changes things, and then the other side also responds alike. That’s how AI and ML came into play because they adapt that much faster,” he said, adding that this is how attacks become more sophisticated as cybersecurity continues to improve and organisations accelerate digital adoption.
Guarding Against Ransomware
The ransomware attacks are, of course, continuing to escalate. Most recently we saw Lapsus$ attack huge global brands like Microsoft and Okta. The problem is that it seems like businesses still are not that keen on investing in cybersecurity. Paul advises companies to have a plan in case their business (or even one of their vendors) gets breached. These days, they don’t even have to do it all themselves; they can hire a third party to do it.
“Every organisation has a plan if there’s a fire emergency. You have the fire plan at the door, everyone has to learn it and practice it right? So, preparing for a hack is no different. It’s not an extreme cost as you prevent a big loss if you have a plan in place,” Paul explained further.
He added that backups are instrumental during ransomware attacks, “You have to have precautions and risk mitigations. Backups are a great way to mitigate that. If you backup your data effectively, ransomware won’t affect you that much. Backups and multiple backups can help, so if one gets infected, you still have extra. This is key in preventing [data loss]. In reality, businesses are just not prepared.”
It is no secret that organisations are moving into a hybrid, multi-cloud environment, Paul said cloud security is of the utmost importance: “Horangi’s whole business is focused around helping companies solve cloud security issues through our product, Warden. I would say [the] cloud is more secure than traditional infrastructure but it’s different too. So, there’s a learning curve when companies transition to the cloud. You need to make sure your team is prepared and trained to do that.”