• About
  • Subscribe
  • Contact
Wednesday, May 7, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

Ransomware strategies in 2021 – new playbook required

Allan Tan by Allan Tan
August 30, 2021
Ransomware strategies in 2021 – new playbook required

Ransomware strategies in 2021 – new playbook required

According to IBM’s Cost of Data Breach report, data breaches now cost companies in ASEAN is US$2.64 million per incident on average, lower than the global average of US$4.24 million, about 38% lower. But money is money regardless of the number.

With ransomware the flavour of the year when it comes to extorting money from individuals and companies, FutureCIO asked security architect Clement Lee, from Check Point Software Technologies, Siupan Chan, sales engineering manager with Sophos, and the chief technology officer within IBM ASEAN’s Technology Group, Kalyan Madala, to share their perspective on the state of ransomware in Asia.

What is the attack surface for ransomware in Asia?

Kalyan Madala: IBM Security X-Force assesses the cyber threat landscape and assists organizations in understanding the evolving threats, their associated risk, and how to prioritize cybersecurity efforts.

Among the trends that we tracked, ransomware continued its surge to become the number one threat type, representing 23% of security events X-Force responded to in 2020. Ransomware attackers are using wide and evolving tactics include credential theft, phishing, hijacking devices, data encryption, locking out access among others as witnessed with some well-publicized challenges.

Clement Lee: Amidst the accelerated digital transformation, adoption of hybrid workplaces and normalisation of remote work in Asia, there is basically no limit to the attack surface, and it is expanding fast.

According to Check Point Research, an organisation in APAC has been attacked 1,272 times per week on average for the last 6 months, as compared to 781 attacks per organisation globally.

Just this week, the Singapore authorities had issued an advisory, notifying organisations that a particular threat actor may likely be targeting local businesses and had attempted double extortion ransomware attacks in Singapore since late 2020. This goes to show that ransomware is fast becoming more common and a critical problem for businesses in Singapore and the region.

Siupan Chan: We’re seeing an extraordinarily high level of complex ransomware and other cybercrimes, and the need for effective, comprehensive cybersecurity has never been more critical or urgent.

Based on Sophos’ 2021 State of Ransomware Report, the retail and education industry experienced the highest level of attacks in Asia-Pacific and Japan, with 48% of respondents in these sectors reporting being hit.

What is the top 3 challenge for CIO/CISOs in containing ransomware attacks against the enterprise?

Kalyan Madala: The risk surface will continue to grow with thousands of new vulnerabilities likely to be reported in both old and new applications and devices

Threat actors continue to shift their sights to different attack vectors, targeting of Linux systems, operational technology (OT), IoT devices, and cloud environments will continue

Outdated strategies and Skills to manage the risks in this space continue to be a challenge

Clement Lee: Understanding the risk posture of the business operations, violation of trust from its customers (consumer/ B2B) and/ or violation of compliance to the authorities.

Providing the necessary safeguards, which would be costly and could be viewed in a gratuitous manner by the board. This is especially true where operating margins are very lean.

Available safeguards in solutions and practices could be viewed as cumbersome, leading to nonchalance in preference of convenience.

Siupan chan: As the budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end-user behaviours, such as downloading pirated software.

A skilled cybersecurity incident response specialist is also in very short supply. Enterprise often finds it lacks the incident response capability to deal with advanced ransomware attacks.

Company with complicated IT infrastructure has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data.

List your top 3 countermeasures (excluding any vendor solution) against ransomware

Kalyan Madala: Preparation is key for a response to ransomware. A zero-trust approach aims to wrap security around every user, every device, every connection — every time. Unify and integrate your security tools into a security platform to protect your most valuable assets and proactively manage threats. Get started by aligning zero-trust to your business initiatives. Map out your existing investments. Prioritize projects and integrations.

Develop incident response plans and build resiliency with the adoption of the security orchestration, automation, and response (SOAR) platform. Build and train an incident response team within your organization if possible and stress test your organization’s incident response plan to develop muscle memory.

Embrace Quantitative Risk Assessment approaches. Qualitative security assessments can surface issues but fail to quantify either the probability of occurrence or the impact of the risk. Putting security risk in financial terms can help executives make better decisions, connecting security risk management with overall business strategy.

Clement Lee: To mitigate risks of ransomware, businesses should adopt these countermeasures:

Have in place adequate incidence response planning should all systems become corrupted for ransom. Please be mindful of double extortion ransomware strategies employed by threat actors in an attempt to gain a successful ransom.

It is crucial to back up all data. Always ensure to backup in whole, and make sure that all backup can be return-to-operation (RTO) within the stipulated amount of time. Back up in real-time to ensure that the backup is as recent as possible.

Incoherent data backup is the largest hindrance during RTO efforts. Lastly, backup intelligently. It is critical to ascertain that the backup data is of legitimate value. In an unfortunate case, it is possible to backup ransomed files, overwriting valid files.

Maintain good security hygiene with a Zero-Trust security approach and invest in solutions that can prevent ransomware. As the saying goes, prevention is always better than cure.

Siupan Chan: To secure the network against ransomware, we advise IT teams to focus resources on three critical areas: building stronger defences against cyberthreats, introducing security skills training for users and, where possible, investing in more resilient infrastructure.

Meanwhile, IT teams should take action against the ever-changing threats through threat detection services, to provide 24/7 threat hunting, detection, and response delivered by an expert team as a fully managed service.

Related:  Cybercriminals abuse remote desktop protocol in 90% of attacks 
Tags: attack surfacecybersecurityransomwareSophos
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe