Derek Cowan, Director of Systems Engineering – APAC, Cohesity
Every 11 seconds, over 33,000 Google searches are entered throughout the world. In that same time, somewhere an organisation will need to respond to a ransomware attack. Since the AIDS Trojan in 1989, the first large-scale ransomware attack, organisations have been faced with the questions: How do we respond? Should we pay the ransom?
This is no trivial matter. In fact, it is likely to get a lot worse in Australia in 2022 and could become a top-three matter for boardroom meetings all over the economy.
Australia is already a major target for ransomware.
According to the Australian Cyber Security Centre (ACSC), there was a 13 per cent jump in 2020/21 in the number of cyber-crime reports (more than 67,500). And those were just the ones that were reported. That means there was a cyber-attack on average against an Australian business every eight minutes in that year – and it included high-profile targets like JBS Foods and Uniting Care Queensland.
As a result, Australia’s State and Federal governments continue to intensify their focus on addressing ransomware, including the Federal government’s Home Affairs Department issuing a Ransomware Action Plan document.
This package of legislation and investment in anti-cybercrime is one of the strongest to date in Australia, and includes the government introducing laws to make it a stand-alone offence for all forms of cyber extortion, reflecting the seriousness and prevalence of cyber-crime in Australia today.
Whether through legislation and regulation, investor confidence, customer expectations, or now expert advice, both company directors and senior managers need to be proactive and take responsibility for actively managing their organisation against the risk of ransomware – pleading ignorance will not be acceptable. As more and more company information systems are being accessed by work-from-home staff, including across public networks, what must be done? What is best practice?
It starts with making sure that a company ransomware strategy is understood across the relevant tiers and functions of an organisation, from the board all the way to the IT admin or security operations team, with risk and compliance brought in too. Like any crisis, it’s frankly too late to plan your response when disaster strikes. This is particularly important when it comes to handling a ransomware attack. In most cases, the answer to the question ‘should we pay the ransom’ is “no”. There are multiple reasons why paying a ransom is not an effective ransomware response or remedy. And, while it may seem easier to pay, ransom payment does not guarantee business as normal the next day.
In addition, the funds your organisation has paid could fund the next attack, which may even be against a key partner or customer. It could also be illegal to pay a ransom depending on the jurisdiction of your organisation’s operations. Interestingly, AXA recently announced it will no longer sell cyber insurance covering ransomware.
Death, taxes and cyberattacks – they are the three certainties in modern life. Every organisation will fall victim to cyberattacks; for those that fall victim to ransomware there is a lasting threat to business operations, and in many cases something malignant will have been going on for a long time.
A multi-layered security approach to prevent the attack is required upfront, but what about data recovery in the event of a breach of your network? A next-gen data management architecture offers organisations deeper data oversight and extends your security capabilities, ultimately providing a better chance of recovering against attacks. By understanding where your data resides and eliminating the fragmentation that occurs across multiple data silos, you immediately are in a better place to protect the precious data being held. Such next-gen data management solutions and services should consolidate silos, increase visibility, remove complexity, increase automation to eliminate human error and standardise processes, and offer immutable backup by design. Without this level of data management, organisations are unable to holistically protect, detect and recover from ransomware.
If you’re in a situation where you have been attacked and you must consider paying a ransom to get your data back, you’ve already lost. Businesses must get ahead of these attacks by preparing properly.
People focus on the defence, not on the recovery. Even though it may seem like the easiest way to get your business back up and running, paying a ransom doesn’t restore your system back to normal. There is often a lot more work to do, along with file corruptions and a prolonged period of network/service outage. The quick dollar paid does not provide the remedy it promises. Taking proactive steps towards next-gen data management before an attack, by conducting regular backups and planning data recovery, will strengthen an organisation’s ability to respond to and remedy a ransomware attack. For the organisations that take the passive approach, the crunch time of having to decide between paying a ransom to moderately recover, or losing it all, might be just eleven seconds away.