A global study of 1,200+ security professionals at organisations revealed a disconnect between the risk ransomware poses to organisations during these off-hour periods and their preparedness to respond moving into the holiday season.
The report, Organizations at Risk: Ransomware Attackers Don’t Take Holidays, found that most security professionals expressed high concern about imminent ransomware attacks, yet nearly half felt they do not have the right tools in place to manage it.
Among Singapore respondents, 35% still do not have specific contingencies in place to assure a prompt response during weekend and holiday periods despite having already been the victim of a ransomware attack.
Singapore findings
Longer response time – 49% of local cybersecurity professionals took longer to assess the scope of attacks when they happened during the holidays, while 35% took longer to respond or stop attacks.
Compromised judgement – About 33% of respondents admitted that it took longer to assemble a team to respond, possibly due to the fact that 55% of the respondents were intoxicated while responding to a ransomware attack over the weekend or during a holiday.
Lack of cybersecurity solutions – 68% of previous attacks were successful due to a lack of implementation for security solutions or cybersecurity coverage.
Increased awareness on attack occurrence – 59% of organisations have begun planning and increasing staff to reinforce security during the holidays.
Industries at risk
The report noted that the Retail and Transportation sectors are high-value targets for ransomware attackers. Singaporean respondents from both Retail (44%) and Transportation (50%) that were previously victims of ransomware attacks also cited that they did not have the right security solutions in place.
Due to the potential for disruption and lost revenue, victims are likely to be incentivised to pay higher ransom demands for business continuity.
According to Cybereason general manager for APAC, Eric Nagel, ransomware attackers don’t take time off for holidays. The most disruptive ransomware attacks in 2021 have occurred over weekends and in a lead up to major holidays.
“The attacks in Singapore on a major insurer and a healthcare operator in the second half of this year, reaffirms the shift in the attackers’ approach, knowing they have the advantage over targeted organisations,” he continued.
Leslie Wong, regional vice president for APAC at Cybereason believes the research proves that organisations are not adequately prepared.
“As attackers grow increasingly sophisticated in their approach, it is crucial that organisations take additional steps to assure they have the right people, processes and technologies in place. By adopting a prevention-first strategy, organisations can mitigate the risk of attacks and minimise the disruption of ransomware attacks to protect their critical assets,” he added.
