Tackling the evolving threat of ransomware in 2022
It topped the list of concerns for security teams in 2021, and indications are that ransomware will continue to cause big problems for Australian businesses this year.
As the year unfolds, it's likely that the ransomware threat will evolve in two significant ways. The first involves how attacks are mounted, while the second changes the type of organisations that cybercriminals will target.
Firms that fall victim to an attack will have to decide whether to pay the ransom demand or ignore it and attempt to restore critical data from another source. It's not the sort of decision any business leader wants to face.
Exfiltration rather than encryption
When ransomware attacks first appeared, their primary goal was to encrypt a target organisation's critical files and then demand a ransom in exchange for the keys. This was lucrative for cybercriminals as many victims had little choice but to pay up.
Now, however, awareness of ransomware is much higher, and many organisations have taken steps to ensure their critical data is backed up and stored in a different location. If an attack occurs, they can restore these files and resume normal operations.
In response, cybercriminals have changed their tactics and are increasingly focused on exfiltrating data and then threatening to make it public unless a payment is made. Such a move could be very damaging for a business, and having a secure backup is no defence.
The second key trend shaping ransomware attacks is a change in the size of the organisations being targeted. While large firms tend to have security tools and strategies that minimise the chance of an attack, this is not the case for many small and mid-sized businesses.
Also, smaller firms tend not to have the in-house security experts employed by larger companies. This means gaps in protective measures are more likely to exist, and response to attacks will be slower.
As a result, cybercriminals are shifting their focus from Australia's largest companies to the country's many smaller firms as they know the chance of success is greater.
Responding to the ransomware threat
Faced with these changes, small and mid-sized firms need to review their security strategies and defences urgently. A successful data encryption or exfiltration attack could be disruptive at best and destructive at worst. Other steps that are needed include:
- Review the ASD Essential 8:
The Australian Signals Directorate has created the Essential 8, a set of clear guidelines on the steps businesses should take to improve their IT security. Organisations of all sizes should review and implement these recommendations.
- Check your backup processes:
Having up-to-date, secure backups is critical for any ransomware protection strategy. It's important for businesses of all sizes to regularly copy critical files and store them in a different location from production systems. This will allow normal operations to be restored as quickly as possible following an attack.
- Consider micro-segmentation and Zero Trust:
These two strategies can significantly improve security and reduce the likelihood of a firm falling victim to an attack. Micro-segmentation involves creating zones in data centres and cloud platforms that isolate workloads and secure them individually. Zero Trust can take this further by limiting network traffic between those workloads.
- Review the security budget:
As the threat landscape continues to evolve, organisations need to allocate sufficient resources to ensure effective security. According to AustCyber, the average spend on security per full-time employee by large firms in Australia during the 2021 financial year was $2,799. Small and mid-sized firms should consider allocating a similar amount.
The threat posed by ransomware will only increase during 2022, so organisations of all sizes need to take the required steps now. Data is an essential element of business today, and keeping it secure at all times is vital.
Article by Security Centric principal, Sash Vasilevski.