According to IBM’s Cost of Data Breach report, data breaches now cost companies in ASEAN US$2.64 million per incident on average, about 38% lower than the global average of US$4.24 million. But money is money regardless of the number.
With ransomware the flavour of the year when it comes to extorting money from individuals and companies, FutureCIO asked security architect Clement Lee, from Check Point Software Technologies, Siupan Chan, sales engineering manager with Sophos, and the chief technology officer within IBM ASEAN’s Technology Group, Kalyan Madala, to share their perspective on the state of ransomware in Asia.
What is the attack surface for ransomware in Asia?
Kalyan Madala: IBM Security X-Force assesses the cyber threat landscape and assists organizations in understanding the evolving threats, their associated risk, and how to prioritize cybersecurity efforts.
Among the trends that we tracked, ransomware continued its surge to become the number one threat type, representing 23% of security events X-Force responded to in 2020. Ransomware attackers are using wide and evolving tactics, including credential theft, phishing, hijacking devices, data encryption, and locking out access, among others, as witnessed with some well-publicized challenges.
Clement Lee: Amidst the accelerated digital transformation, adoption of hybrid workplaces and normalisation of remote work in Asia, there is basically no limit to the attack surface, and it is expanding fast.
According to Check Point Research, an organisation in APAC has been attacked 1,272 times per week on average for the last 6 months, as compared to 781 attacks per organisation globally.
Just this week, the Singapore authorities had issued an advisory, notifying organisations that a particular threat actor may likely be targeting local businesses and had attempted double extortion ransomware attacks in Singapore since late 2020. This goes to show that ransomware is fast becoming more common and a critical problem for businesses in Singapore and the region.
Siupan Chan: We’re seeing an extraordinarily high level of complex ransomware and other cybercrimes, and the need for effective, comprehensive cybersecurity has never been more critical or urgent.
Based on Sophos’ 2021 State of Ransomware Report, the retail and education industries experienced the highest level of attacks in Asia-Pacific and Japan, with 48% of respondents in these sectors reporting being hit.
What are the top 3 challenges for CIOs/CISOs in containing ransomware attacks against the enterprise?
Kalyan Madala: The risk surface will continue to grow, with thousands of new vulnerabilities likely to be reported in both old and new applications and devices.
Threat actors continue to shift their sights to different attack vectors; targeting of Linux systems, operational technology (OT), IoT devices, and cloud environments will continue.
Outdated strategies and skills to manage the risks in this space continue to be a challenge.
Clement Lee: Understanding the risk posture of the business operations, violation of trust from its customers (consumer/ B2B) and/ or violation of compliance to the authorities.
Providing the necessary safeguards, which would be costly and could be viewed in a gratuitous manner by the board. This is especially true where operating margins are very lean.
Available safeguards in solutions and practices could be viewed as cumbersome, leading to nonchalance in preference of convenience.
Siupan Chan: Budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end-user behaviours, such as downloading pirated software.
Skilled cybersecurity incident response specialists are also in very short supply. Enterprises often find they lack the incident response capability to deal with advanced ransomware attacks.
Companies with complicated IT infrastructure have always been attractive targets for cyberattacks, with their complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data.
List your top 3 countermeasures (excluding any vendor solution) against ransomware
Kalyan Madala: Preparation is key for a response to ransomware. A zero-trust approach aims to wrap security around every user, every device, every connection — every time. Unify and integrate your security tools into a security platform to protect your most valuable assets and proactively manage threats. Get started by aligning zero-trust to your business initiatives. Map out your existing investments. Prioritize projects and integrations.
Develop incident response plans and build resiliency with the adoption of a security orchestration, automation, and response (SOAR) platform. Build and train an incident response team within your organization if possible, and stress test your organization’s incident response plan to develop muscle memory.
Embrace Quantitative Risk Assessment approaches. Qualitative security assessments can surface issues but fail to quantify either the probability of occurrence or the impact of the risk. Putting security risk in financial terms can help executives make better decisions, connecting security risk management with overall business strategy.
Clement Lee: To mitigate risks of ransomware, businesses should adopt these countermeasures:
Have in place adequate incident response planning should all systems become corrupted for ransom. Please be mindful of double extortion ransomware strategies employed by threat actors in an attempt to gain a successful ransom.
It is crucial to back up all data. Always ensure you back up in whole, and make sure that all backups can achieve return-to-operation (RTO) within the stipulated amount of time. Back up in real-time to ensure that the backup is as recent as possible.
Incoherent data backup is the largest hindrance during RTO efforts. Lastly, back up intelligently. It is critical to ascertain that the backup data is of legitimate value. In an unfortunate case, it is possible to back up ransomed files, overwriting valid files.
Maintain good security hygiene with a Zero-Trust security approach and invest in solutions that can prevent ransomware. As the saying goes, prevention is always better than cure.
Siupan Chan: To secure the network against ransomware, we advise IT teams to focus resources on three critical areas: building stronger defences against cyberthreats, introducing security skills training for users and, where possible, investing in more resilient infrastructure.
Meanwhile, IT teams should take action against the ever-changing threats through threat detection services, to provide 24/7 threat hunting, detection, and response delivered by an expert team as a fully managed service.