Ransomware was in the headlines worldwide last year as cyberattacks hit a broad swathe of businesses and organisations, maliciously causing financial damage and disruption. According to the Cybersecurity Agency of Singapore (CSA), ransomware remains a major issue both in Singapore and globally, with cybersecurity vendors reporting a 13% increase in ransomware incidents worldwide in 2022.
A ransomware cyberattack can put a stranglehold on operations and have not only financial institutions and businesses but also healthcare institutions and power companies, threatening people's lives and national security.
As of November 2022, the FBI and other federal agencies have warned that one type of ransomware alone had been used to extort about $100 million from over 1,300 companies worldwide.
It has also been reported that organisations in the Asia-Pacific region are prime targets of cyber criminals, with their ransomware pay rate being higher than the average at 18.9%.
Criminals are finding new ways to hold businesses hostage to their ransomware demands. Sophisticated new methods have evolved from phishing and may include social engineering and exploiting vulnerabilities in flexible working arrangements such as the use of multiple devices and home IoT networks.
Criminal developers have followed the Software as a Service trend to offer ransomware as a service (RaaS) on the dark web. With payments in cryptocurrencies, RaaS is proving a successful business model for developers and making it very easy for criminals without the coding skills to mount an attack themselves.Â
Across the Asia Pacific region, high-profile attacks put privacy laws on the national political agenda. In Australia, private health insurer Medibank is facing a class action lawsuit after personal data from millions of customers was released on the dark web.
In Singapore, the Law Society has been ordered to plug security gaps after a ransomware attack compromised the information of more than 160,000 members, including personal details such as their full name, residential address, date of birth and NRIC number.
More legislation is coming
As malicious cyber activities and ransomware attacks continue to pose an increased threat, the Singapore government introduced new reforms to its data protection laws under the Personal Data Protection Act (PDPA) in October 2022.
The financial penalty cap for breaches under the PDPA has increased from S$1 million to 10% of the organisation’s annual turnover in Singapore for organisations with annual local turnover exceeding S$10 million, whichever is higher.
Across APAC markets, legislation varies, but privacy regulations everywhere are being revisited and the pace is accelerating. The EU's General Data Protection Regulation (GDPR) considered the most demanding privacy law is influencing the development of data protection in Asia.
Gartner predicts that 75% of the world's population will have their personal information/personal data covered under modern privacy regulations by the end of 2024.
Still not a priority
Many customers are ambivalent about data security; they expect the personalisation of online and digitalised services, but they also demand their data should be secure and private.
Meanwhile, despite the potential for financial losses and fines, alongside irreversible damage to customer trust and brand reputation, it appears companies are also not taking the risk and compliance implications seriously.
A recent survey of CISOs in Australia and New Zealand by Veritas revealed "a damning landscape of unpreparedness". Although 84% of CISOs interviewed said they expect moderate to significant disruption following a ransomware attack, only 13% have complete confidence in their organisation’s backup strategy.
Furthermore, only 17% say they have a strong security culture at all levels of business, and 21% are not confident their team could orchestrate recovery. It is similar across the Asia Pacific and Japan region, with a staggering 95% of organisations acknowledging they need to improve their ability to track their entire data footprint and just 11% saying their organisations are backing up data continuously.
It is also worrying that a majority of IT teams often do not even know how many cloud services their companies are using. The average enterprise organisation uses at least three cloud service providers which explains why maintaining visibility across the whole technology stack is both complex and challenging for IT teams.
Now is the time to strengthen data protection
Being held to a financial ransom for stolen or corrupted datasets is not the only threat the cybersecurity team faces when dealing with a ransomware attack.
As part of these attacks, malware or viruses are often also deliberately initiated by bad actors. Depending on the type of attack and the effectiveness of cyber security measures already in place, these actions will cause outages leading directly to loss of business and critical data corruption.
Such cyber-attacks cause significant reputational damage as well as loss of supply-side confidence. This has the knock-on effect of additional and hefty financial costs to businesses, especially if data containing consumer details is breached.
Although ransomware techniques and approaches are continually evolving, they are not invincible if cybersecurity evolves constantly too. There are clear steps organisations can take to reduce the likelihood of being a target and an attack impacting operations.
An organisation's cyber defences are only as strong as the weakest link, so IT teams can no longer avoid ransomware attacks by endpoint security alone; they need a multi-layered strategy.
Hence, the first step is having complete visibility of where their data resides across the multi-cloud environment. To maintain legislative compliance and reduce business risk, organisations also need to know what types of data are where across their environments, ensure that accessibility to the data is correctly managed, and what that data is being used for.
In the face of the ever-evolving cybersecurity landscape, there are still many threats to effective data management. These multiply exponentially when using multiple public cloud services.
While major cloud service providers do offer very high degrees of resilience in the availability of their cloud platforms, all application data orchestration and compliance are still the responsibility of the customer. A platform approach, that delivers data protection and application resiliency, with consideration of data compliance and governance, is still required.
By adopting an autonomous cloud data management platform, which combines automation with advanced AI, organisations can detect deviations in data access patterns and lock down accounts that might be used to run any ransomware/malware.
By analysing changes in backup attributes using AI/ML to provide support for muti-cloud or on-premises environments, organisations are always alerted to any possible ransomware intrusions before they can cause reputational or business impact.
While backup and recovery should always be the last line of defence against ransomware attacks, it must also be a primary element of any comprehensive, threat detection, data recovery and cybersecurity strategy.
For instance, the National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, recommends developing a cybersecurity framework that enables organisations to establish a comprehensive, structured methodology around five key functions — identify, protect, detect, respond, and recover.
This kind of long-term framework strategy as part of a long-term relationship with a trusted partner is a sensible approach to reducing the risk of exposure and mitigating risk.
