Cybercrime has evolved into a multi-trillion dollar industry, and the statistics around it are disturbing.
By Kate Mollett, regional director of Commvault Africa
Cybersecurity Ventures anticipates cybercrime to cost the world $10.5 trillion annually by 2025, up from $3 trillion in 2015. The latest ransomware paper from ESET reports 71 billion attacks on remote access between January 2020 and June 2021.
This global phenomenon does not discriminate between countries, businesses or industries, and everyone is a target. Organisations need to do everything they can to reduce their risk and improve their ability to recover from a ransomware attack when, and not if, it happens.
Why now?
While many elements are contributing to the enormous upswing in cybercriminal activities, there are three general trends that have been the catalyst for its acceleration.
Firstly, the increasing connectivity of all devices and the expansion of the Internet has created a much wider attack surface.
Secondly, cybercriminals have become increasingly sophisticated and coordinated in their attacks. And finally, there is a distinct skills gap that is resulting in a lack of qualified cybersecurity experts to combat the threat effectively.
Bigger surface, greater risk
As more and more devices have become connected, the boundaries of organisations have been pushed further out, widening the attack surface and creating many additional points of potential vulnerability. This translates to greater risks and increased costs associated with a breach.
The Sophos State of Ransomware 2021 report states that the average cost of rectifying a ransomware attack is $1.85 million, a sum that would put many South African enterprises out of business for good. In addition, the average ransomware attack results in 21 days of downtime for business, which adds further financial pressure.
Data leaks are a costly concern
Aside from the downtime associated with the inability to access data, there is growing concern around data leaks. In fact, the Coveware Quarterly Ransomware Report estimates that 70% of ransomware attacks involve the threat of leaking sensitive information.
Not only does this put businesses at risk of non-compliance with laws such as the Protection of Personal Information Act (PoPIA), it can also cause untold reputational damage, the consequences of which are far-reaching and difficult to quantify.
The cost of a data breach is exponentially higher than a simple ransomware attack, with IBM and the Ponemon Institute putting this figure at more than $4 million globally and $2.14 million in South Africa. In addition, the average global time taken to identify and contain a breach is around 279 days.
Understanding the vulnerabilities
Ransomware typically attempts to do one of two things: either corrupt, delete or encrypt business-critical data, or leak sensitive or personally identifying information (PII).
Key to countering these threats is the ability to understand the threat actors. Insider threats could involve careless, negligent or malicious behaviour from people within the organisation, while external threats include hackers, cybercrime exploits and ransomware.
The end result is risk, including the inability to operate, data privacy issues and data breaches, threats to business reputation and viability, and the inability to recover quickly.
Not just an IT problem
Data breaches need to be treated in the same way as any other disaster, because effectively a data breach is a business resiliency issue and not simply an IT problem.
A data governance approach needs to be followed in order to align both value and risk definitions within the business. This must be approached with a mindset of risk management and risk mitigation, bearing in mind the balance of impact versus probability of attack.
Central to this is a thorough understanding of vulnerabilities and threats, and from there the development of policies and educating people about the risks. However, while policies and education are pivotal, it has become impossible to deal with data at scale, based on the rate that it is growing, without automation and leveraging technology.
In addition, while it is critical to have an incident response and recovery plan ready, and to involve all stakeholders in this, it is even more important to test the plan before a disaster occurs.
Reducing risk
Data must be identified and prioritised across the environment, and removed if it is no longer needed. Businesses need to ensure that only the right people are able to access, modify and delete data, monitor for anomalous behaviour, and investigate and respond to events quickly.
It is also essential to be able to support audits, investigations and legal fallout which will inevitably result from an incident, and crucially, be able to assess the situation to avoid it happening again in the future.
The reality is that if something can go wrong, it will go wrong, and ransomware attacks have become a matter of when, not if.
Effective data governance and a trusted data governance partner have become critical in today’s business world.