Human vigilance vital in tackling enterprise vulnerability

Sophos Senior Vice President Asia Pacific Japan Gavin Struthers discusses regional ransomware trends and the need for heightened global vigilance.


The cyber threat environment is getting increasingly dire. Recent global research commissioned by cyber security company Sophos, The State of Ransomware 2022, found that 72% of respondent organisations had experienced an increase in the volume, complexity, or impact of cyberattacks in the previous year.

Specific to ransomware, 66% of companies surveyed said they were hit, a steep rise from the 37% of the previous year. The reasons for this could be digitisation and work-from-home, boosted by the pandemic. The report also cites the growing popularity of ransomware-as-a-service as a cause for this worrying increase. Approximately two thirds (65%) of the companies attacked by ransomware saw their data getting encrypted, the last phase of the attack.

In the Asia-Pacific-Japan region, 72% of the organisations surveyed were hit by ransomware, with 72% of these attacks resulting in data encryption. Nine in ten companies said a ransomware attack impacted their ability to operate. At 78%, India topped the list for paying the ransom to get data back, compared to under one in two companies worldwide.

Analysing the region

Senior Vice President Asia Pacific Japan at Sophos, Gavin Struthers, says one reason India has the highest percentage of companies paying the ransom could be the lack of good data backup regimes, which leaves them vulnerable. The second cause is that as ransomware attacks become more common, many organisations have better defences in place and have stopped paying the ransom. This is driving the criminals to resort to extortion, such as threatening to leak the organisation’s data onto the dark web. Indian companies could be paying up quicker due to fear of such an outcome, which could compromise their brand and their customers’ privacy, according to Struthers.

Two additional explanations of why this is happening in India may hold for the entire APJ region, Struthers adds. The first is a general feeling that everything is going to be okay, which translates into a lower level of preparedness. Secondly, the very high penetration of mobile phones in the region means that people here conduct their personal and professional activities on these devices, opening up another frontier of vulnerability. “For the Asia Pacific, we need to be cognizant of this ongoing trend - the risk to mobile devices,” says Struthers.

Referring to recent reports of cyber-criminals asking the organisation they attack to perform good deeds for their data to be returned, Struthers says we could see more of this ‘Robin Hood’ trend in the future, but at the moment, it is not very significant. Most of the attackers continue to ask for money.

The importance of trust

The conversation moves to services used by the public such as electricity grids and airlines being hit by ransomware attacks and Struthers emphasises the importance of 24/7 preparedness for all organisations. Ransomware, he says, is at the epicentre of the threat landscape today, and an organisation may be attacked anytime.

The overarching dimension of preparedness is trust, according to Struthers. With growing digitisation, organisations find themselves even more vulnerable because of the technology they use, such as cloud and interconnected supply chains. To counter this, organisations need to appoint someone who works assiduously on building and maintaining trust across stakeholders within and outside the organisation. This function is now critical enough, according to Struthers, to merit the hiring of a complete team.

A look at the strategic dimensions

A challenge organisations face is the noise in the industry around security technologies. There are a few thousand cyber security vendors and innovations coming out every month. So, what is good enough security?

Struthers says the answer lies in acknowledging that cyber security is not a technology problem alone – it spans people and processes as well. In addition to having the latest technology in place to fight off attacks, organisations led by their CEOs should run campaigns and initiatives to create a culture of awareness throughout the organisation since attacks often come about due to mistakes made unknowingly by employees. Coming to processes, Struthers says a lag in fixing vulnerabilities is no longer feasible in today’s environment and organisations need to be very proactive.

And the average IT administrator may not have the bandwidth for this 24/7 alertness, which is leading to the increased adoption of managed detection and response. “You can't put in the latest and greatest tool set and patching regime. You've got to have human and machine teaming 24/7, and that translates into somebody sitting on the other side of a keyboard, monitoring your environment,” observes Struthers. Analysts predict that over the next few years, more than half of organisations will need to leverage human-machine teaming through managed detection and response.

Best practices remain crucial

At a tactical level, it’s the fundamentals an organisation has to pay attention to—making sure your patching regimes are up-to-date, multi-factor authentication, securing your remote access tools, and running simulation exercises on how to respond to an attack. “These are basic things every organization should be doing,” Struthers says.

Some key protection measures that need to be in place are:

  1. Backing up regularly and maintaining a recent backup copy offline and offsite

In the case of a ransomware attack, an up-to-date, accessible backup ensures minimal downtime before an organisation can resume business as usual. An encrypted backup that is regularly updated and available offline and offsite spares leaders and security teams the worry about the backup device falling into the wrong hands.

  2. Enabling file extensions

Extensions help identify file types accurately, so users do not open files that are unusual to their type of work.

  3. Exercising caution about unsolicited attachments

Whenever the authenticity of an email is in doubt, a good practice is to report it.

  4. Monitoring administrator rights

IT teams should ensure that they constantly review admin and domain admin rights. Additionally, users should not stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents, or other regular work activities while they have administrator rights.

  5. Using strong passwords

It sounds trivial, but it isn’t. A weak and predictable password can give hackers access to an organisation’s entire network in a matter of seconds. It is recommended that users use passwords that are at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation. An example: Ju5t.LiKETh1s!
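The password guidance above (at least 12 characters, mixed case, some punctuation) is easy to turn into a check that an onboarding form or an internal audit script can apply. The following is an added example written for this article, not code from Sophos; the common-password list and the sequential-run patterns are constructed assumptions that go beyond the article's stated rules, and the article's own sample password is used to show a passing case.

```python
import re
import string

# Policy as stated in the article: at least 12 characters, a mix of upper and
# lower case, and some punctuation.
MIN_LENGTH = 12

# Constructed (hypothetical) list of widely reused passwords. A real deployment
# would load a far larger breached-password list; the check against "predictable"
# passwords is an added assumption, not a rule from the article.
COMMON_PASSWORDS = {
    "password", "password123", "welcome1", "qwerty123456", "letmein12345",
}

# Short keyboard and digit runs that make a password predictable (assumption).
SEQUENTIAL_RUNS = re.compile(r"(0123|1234|2345|3456|4567|5678|6789|abcd|qwer)")


def check_password(candidate: str) -> list:
    """Return the list of policy failures; an empty list means the password passes."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        failures.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        failures.append("no lower-case letter")
    if not any(c in string.punctuation for c in candidate):
        failures.append("no punctuation")

    normalised = candidate.lower()
    if normalised in COMMON_PASSWORDS:
        failures.append("appears in common-password list")
    if len(set(candidate)) < 4:
        failures.append("too few distinct characters")
    if SEQUENTIAL_RUNS.search(normalised):
        failures.append("contains a sequential run")
    return failures


def is_acceptable(candidate: str) -> bool:
    """True when the candidate meets every rule in check_password."""
    return not check_password(candidate)


if __name__ == "__main__":
    # The article's own sample passes; the others illustrate each failure mode.
    for pw in ["Ju5t.LiKETh1s!", "password123", "Ab1!", "Qwer1234!!Zz"]:
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
```

Rules of this kind are a floor, not a ceiling: a password such as a capitalised word followed by a year and two exclamation marks satisfies every character-class rule yet is still predictable, which is why the check against a list of known reused passwords matters more than the punctuation rule, and why the article pairs strong passwords with multi-factor authentication rather than relying on them alone.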

The urgent need for action

Awareness of cyber security is going up among organisations and governments everywhere. Governments are cooperating to bring bad actors to justice and constantly raising the bar for organisations to be vigilant with regulations such as mandatory reporting of breaches. This is a constant balancing act as over-regulation disrupts the smooth running of business, says Struthers.

Struthers ends the discussion on a grave note. “I don't think the awareness has turned into appropriate action,” he warns. The world needs to acknowledge that cyber attacks have become a round-the-clock problem. This means you cannot afford to be comfortable with your security posture. You need to have security experts monitoring your environment and be able to respond in minutes to avert an expensive and catastrophic impact.