Australian organisations hit hardest by ransomware had 17 incidents in a year

GUEST OPINION: As public attention returns to ransomware, organisations need to build better business resilience.

A high-profile incident impacting the medical information sector in Australia has put the public spotlight back onto ransomware.

But even if it’s been in and out of public view, ExtraHop’s 2024 Global Cyber Confidence Index shows that the threat is as real as ever: 82% of Australian survey respondents reported experiencing six or more ransomware incidents in the last calendar year.

This 82% topline figure masks a lot of nuance. The actual number of ransomware incidents seen over the 2023 calendar year presents a sobering picture, to say the least.

There are a number of ways to slice and dice the data; here is a brief sample of these different views:

  • The 10% of most heavily targeted organisations experienced 15 or more incidents across 2023.
  • Three Australian organisations reported 17 ransomware incidents in the space of a year.
  • Only 6% of organisations managed to avoid a ransomware incident in the period altogether.

Given a majority of Australian organisations had at least one incident, what is it that caused some to have a handful, and others to surpass a dozen attacks?

One thing that’s clear is that size mostly doesn’t come into it. Enterprises with between 1000 and 5000 staff see fairly consistent targeting and infections.

While the largest organisations do appear to experience fewer ransomware incidents, it may be because they have greater resourcing levels and protections around some of the typical entrance points exploited by ransomware threat groups – such as compromised credentials or phishing. However, the research shows that the largest organisations are much more likely to still be running at least one insecure network protocol that threat actors are known to exploit in ransomware attacks, compared to organisations of other sizes. This can explain why attacks in this cohort are still getting through.

Organisations are paying the ransom

A second noteworthy aspect of the research is how threat actors are raking in ransomware payments from Australian organisations.

Of those surveyed, more than three in four (77%) that experienced a ransomware attack paid up in 2023, compared to 82% in 2023 and 72% in 2022.

Again, there’s some nuance in this topline figure that is worth breaking out:

  • One in three (36%) pay the ransom either “most” or “all” of the time.
  • Just under 30% say they have paid “a few times”.
  • Only 23% say they follow Australian cybersecurity authority and Government guidelines to not pay a ransom.

Organisations may be paying because they can’t afford to risk losing the data or assets being held to ransom. This could be due to a variety of factors. For one, they may lack the business and operational resilience to weather a ransomware attack, so they pay the ransom out of desperation or necessity, believing that paying provides them with the quickest path back to restored business operations. And when people’s health or lives are at stake, depending on the organisation, some have no choice but to pay.

But this strategy is likely to backfire: paying the ransom doesn’t guarantee an organisation will get its data back. Moreover, separate research shows that organisations that have fallen victim to a ransomware attack are six times more likely to be targeted again over the next three months.

Ransomware payments averaged nearly $1.3 million per organisation in the last year. That’s before adding in other costs, such as incident response and remediation, customer notifications and credit/identity theft monitoring, and any potential regulatory fines and legal fees. There may also be other unrealised costs associated with remediation, such as any mid-term impact on quarterly earnings and – where listed – on stock prices as well.

Network visibility is a must

With the proliferation of AI and an advancing threat landscape, it’s likely we will see ransomware attacks continue to be a problem over the remainder of 2024 and into 2025, as threat actors tied to nation-states use ransom payments to finance military operations or further political goals. These groups are highly sophisticated: they target specific organisations and know how large a payment their victims can afford.

The evidence suggests organisations may be ill-prepared for these incidents, and in particular, that they lack the network visibility required to detect and stop ransomware attacks in their early stages, before threat actors can achieve their objectives. A lack of network visibility can lead to lost revenue from downtime and costly ransom payments.

Australian organisations seeking to gain greater insight into activity on their network and to buy down their ransomware risk should strongly consider investing in better network visibility as a way to build business resilience. By establishing visibility across network traffic, and all devices and cloud assets connecting to the network, organisations are better placed to spot vulnerable devices, insecure protocols, and unpatched software that could be exploited by ransomware groups.
