Mitigating ransomware attacks in SA organisations
A recent independent, vendor-agnostic survey of 200 IT professionals in medium-sized organisations in South Africa painted a rather dismal picture of the effects of ransomware on the respondents’ organisations.
As part of the larger project undertaken by an independent research company for Sophos, the resulting report – The State of Ransomware 2023 – discussed the findings from interviews with 3 000 IT/cyber security leaders across 14 countries.
Conducted between January and March this year, the survey covered the experiences of the respondents over the past 12 months regarding ransomware. One of the key findings was that there was a considerable increase in the number of South African organisations affected by ransomware attacks in the past year.
“It is very sobering to realise that there was a 27% increase in organisations affected by ransomware attacks, from last year’s 51%. And this is higher than the global average of 66%, indicating that South African organisations are indeed very vulnerable to attack,” says Charleen Rheeder, Product Manager and Shared Service Support from the Elvey Group (part of the Hudaco Group of companies), local distributor of Sophos technology.
A staggering 89% of all attacks in SA resulted in data being encrypted, which again is higher than the global average – at 76%. It is also significantly higher than the figure – just 12 months previously – where data was encrypted in 45% of data in South African attacks. In addition, data was stolen in 35% of these attacks, higher than the global average of 30%.
“Where South Africa did outshine the global market was in the complete recovery of encrypted data, which is 3% better than the global average. Furthermore, there was a decrease in 4% of affected organisations paying the ransom, bringing it to 2% lower than the global average of 47%. Sadly, though, two local organisations paid a hefty ransom of over $5 million each,” says Rheeder.
The average cost (excluding ransom payments) of recovery from a ransomware attack was reported at $750 000, including downtime costs, lost business opportunities, device costs, people costs and network costs.
According to the report, it is far cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost is half that of the cost incurred by those that paid the ransom. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. “It’s pretty obvious from these statistics that a strong backup strategy should be a priority for organisations,” says Rheeder.
It is also apparent that the organisations that use backups to recover their data were able to recover from the attack faster than those that pay the ransom. The report says 45% of those that used backups recovered within a week, compared with 39% of those that paid the ransom. Globally, almost one-third (32%) of those that paid the ransom took more than a month to recover, while the percentage for those that used backups is approximately 23%. While these two response options were not mutually exclusive, and some respondents will have both paid the ransom and used backups, the recovery advantages of backups are clear.
Pieter Nel, Regional Head SADC at Sophos, says ransomware is not going to magically disappear and therefore Sophos recommends the following measures be taken by organisations:
Further strengthening their defensive shields with:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and zero trust network access (ZTNA) to thwart the abuse of compromised credentials.
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond.
- 24/7 threat detection, investigation and response, whether delivered in-house or in partnership with a specialist managed detection and response (MDR) service provider.
- Optimising attack preparation, including making regular backups, practising recovering data from backups and maintaining an up-to-date incident response plan.
- Maintaining good security hygiene, including timely patching, and regularly reviewing security tool configurations.
“Any business operation is vulnerable to ransomware attacks and Sophos MDR transfers that risk from a client organisation to itself. In collaboration with Elvey, we are able to empower local organisations to create a stronger defence system that will prevent them from becoming ‘another statistic’,” says Nel.
“We work closely with the specialists at Sophos to help mitigate the effects of ransomware and other cyber attacks, creating solutions that cater for the specific environment and needs of each organisation. We encourage organisations concerned about their cyber security risk profile to contact us so we can discuss creating a safer IT landscape for you,” says Rheeder.