Cyber crime becomes easier, pays more
Ransomware is rising to organisations’ top cyber security concern, as this form of cyber crime proves easier and more lucrative for criminals than many others.
This is according to Jason Oehley, Regional Manager at Arctic Wolf South Africa, who says: “What we are seeing is that cyber crime is now a $1.5 trillion industry causing $8.5 trillion in damage. It’s a massive business, with ransomware as a service and extortion as a service growing and operating like legitimate businesses. With AI-driven software development, the barrier to entry is getting increasingly lower, opening up opportunities for more actors to get into the act. On top of this, geopolitical instability and economic stress have sparked massive growth in ransomware and extortion.”
Arctic Wolf Labs’ new Threat Report for 2023 also warns that Web3 will allow for new social engineering tactics.
The report says that in ransomware incidents investigated by Arctic Wolf Incident Response, the median initial ransom demand across all industries was $500 000 – including in South Africa.
Oehley says the largest ransom demands were made against victims in the tech industry, where ransoms topped $1 million. These are significantly higher than the losses in business e-mail compromise, which was a top concern last year, with an average cost of between $75 000 and $80 000.
Arctic Wolf notes that even if a victim pays the ransom, there’s no guarantee that the systems will be ‘unharmed’ or that the threat actors haven’t saved a copy of the data for future extortion. Oehley says: “Now we are seeing double and triple extortion attacks, where attackers return or start targeting their victims’ partners too.”
While 42% of global respondents and 32% of respondents in South Africa said they had experienced a ransomware attack in the past year, Oehley notes that many more may have been breached and not know it yet, according to the Global Cybersecurity 2023 trends report.
“Organisations need to have a solid understanding of their overall attack surface – not just their endpoints. Only 15% of attacks start at the endpoints. They also need to have 24/7 eyes on monitoring critical log sources for security threats, with multi-factor authentication across all applications used in the environment, and a mature zero trust security strategy in place. In South Africa, many organisations – particularly in the mid-market – aren’t using proactive management and don’t have a full understanding of their risk,” he says.
As South African organisations move to the cloud to support work from anywhere and mitigate the impacts of load-shedding, Oehley cautions that they should understand shared responsibility in the cloud. “They need to know where the cloud security responsibility ends and where theirs starts. Partnering with a company providing that as a service across on-premises, hybrid and public cloud helps reduce their risk.”
Comprehensive cyber security awareness, a strong security culture and proper incident planning help organisations mitigate risk and limit damage when attackers strike, Oehley says.
In the event of a ransomware attack, unprepared organisations tend to panic, Oehley says. “You must plan how you are going to fix or inoculate it because in the moment there is typically a lot of concern and confusion. Panic causes people to react, instead of thinking first and then reacting.”
Arctic Wolf’s Incident Response service, set to roll out to South Africa and EMEA in the coming months, helps organisations remediate and respond appropriately. Oehley says: “Our experts go through this hundreds of times a year with customers; they know how to guide them through the processes, determine the extent of the breach, negotiate with the attackers and limit the potential damage.”