Wave your data goodbye

Pieter Nel, Regional Head: SADC, Sophos.

---

With the Kaseya ransomware attack headlining, it comes as no surprise that Sophos’ State of Ransomware 2021 report reveals that only 8% of businesses that pay a ransom will get back all of their data. The survey puts the average total cost of recovery from a ransomware attack at $1.85 million. 

However, the cost of a ransomware attack goes beyond the financial as legislation places the onus on companies to protect the personally identifiable information of their stakeholders. In South Africa, now that the Protection of Personal Information Act (POPIA) has come into effect, the pressure is on local business to ensure that their data isn’t exposed. However, the Sophos survey also reveals that 54% of businesses believe that today’s cyber attacks are too sophisticated for their IT team to manage on their own.

Pieter Nel, Sophos’ Regional Head for the SADC, recommends that businesses take a step-by-step approach to defending their data against a potential breach, instead of tackling the entirety of compliance as one big project.

“The first step is to look at the main cause of data breaches today. According to a 2021 ITWeb survey, the top three types of attacks experienced over the past year are social engineering (27%), malicious websites (23%) and ransomware attacks (16%). That represents a staggering amount of data that could have been protected with better security.”

The majority of all data breaches are caused by hacking and/or malware. This could be a targeted attack, exploiting a zero-day or older vulnerability, or it could be a more generic ransomware attack. Either way, this is the top risk factor when it comes to losing data. If unsure whether they’re adequately defending against hacking and malware, businesses should ask themselves three questions:

• Do we regularly patch vulnerabilities?
• Do we have anti-ransomware features in place?
• Are we catching phishing attacks before they get to the users?

The next leading cause of data breaches, unintended disclosure, is when the data breach was unintentional and caused by human error. “Unfortunately, this is quite common and very tricky to protect against. Particularly at the moment when people are stressed and time is short, mistakes happen – it’s usually just a matter of time. Almost a quarter of data breaches are because of unintended disclosure.”

To determine their risk of breach as a result of unintended disclosure, businesses need to ask themselves the following:

• Have we ever sent a file to the wrong person?
• Have we saved financial data on a shared network drive?
• Do we save unencrypted data in cloud storage?

Portable devices are the third leading cause of data breaches, with 17% of data breaches caused by device loss – and only 29% of smartphones and tablets always encrypted.* Questions to ask here are:

• Are our mobile devices always complaint with company security policy?
• How much sensitive data is stored on our devices?

The answers to all three sets of questions will highlight how at risk the business’s data is of a breach, albeit via hacking, malware, unintended disclosure or any other means.

Nel says: “All of this brings us to taking a risk-based approach to compliance regulations and POPIA. Each business is different and the appetite for data security and data protection will vary greatly. Data protection can be viewed on a sliding scale, with the maximum amount of effort being required to have the lowest risk of a data breach. The business has to weigh effort against risk, comparing its appetite for risk against the effort and investment that they’re prepared to put in.“

Businesses that defend against stopping malware and ransomware, preventing unauthorised access and catering for lost or stolen laptops and mobile phones, are protecting themselves against roughly 75% of the causes of a data breach. However, it’s more difficult to defend against unintended disclosure and other types of breaches. Here it’s particularly important that the business decide its tolerance for risk and how far it is prepared to go to protect its data from both an effort and cost point of view.

Unfortunately, all too often, the business adopts an ‘it won’t happen to me’ mindset. However, it’s important to understand the risks if you choose to do nothing. For instance, the data protection authorities are unlikely to be very favourable to anybody who has a data breach because they chose to hope for the best and not defend against that type of risk.

It’s more important than ever to protect against cyber attackers getting access to your data. South African organisations have been impacted by the Kaseya ransomware attack and, according to the State of Ransomware 2021 report, 24% of respondents from South Africa experienced a ransomware attack in the past 12 months and the average cost of remediating a ransomware attack in South Africa was $447 097.

The following six best practices can help defend against ransomware and related cyber attacks:

1. Assume you will be hit. Ransomware remains highly prevalent. No business, regardless of size or sector, is immune. It’s better to be prepared and not hit, rather than the other way round
2. Make backups and keep a copy offsite. Backups are the main method used by organisations surveyed to recover their data after an attack. The industry standard approach is 3:2:1 (three sets of backups, using two different media, one of which is kept offline).
3. Deploy layered protection. It’s more important than ever to keep cyber criminals out in the first place. Use layered protection to block attackers at as many points as possible.
4. Combine human experts and anti-ransomware technology. The key to stopping ransomware is a defence that combines anti-ransomware technology and human-led threat hunting. If you don’t have the skills in-house, consider enlisting the support of a specialist cyber security company.
5. Don’t pay the ransom. As the research shows, paying the ransom is an ineffective way to get your data back. If you do decide to pay, bear in mind that the adversaries will restore, on average, only two-thirds of your files.
6. Have a malware recovery plan. The best way to stop a cyber attack from turning into a full breach is to prepare in advance. Organisations that fall victim to an attack often realise they could have avoided significant financial loss and disruption, if they had an incident response plan in place.