Throughout history, criminals have always found ways to exploit valuable resources. The illicit trades in gold and oil are just two examples of how precious commodities have been targeted. In today’s digital age, data has become the crown jewel of desired commodities, and cybercriminals are constantly developing new and sophisticated ways to steal it.
Our Rubrik Zero Labs report found that over the last year, 66 percent of organizations in Singapore experienced between 1 and 25 attempted cyberattacks. While it is impossible to prevent all attacks, organizations can take steps to minimize the impact of a data breach. This includes having a solid data security strategy in place and being prepared to respond quickly and effectively during a cyber incident.
Cybercrime’s rapid evolution
The proliferation of technology has transformed cybercrime. Notably, the increasing reliance on digital channels has made cyberattacks more common and devastating. The availability of the cloud, which did away with physical files, means that the data of individuals and entire organizations is being stored online. The vulnerability of that data continues to attract cybercriminals to capitalize on ransomware and its lucrative payouts.
This has given rise to Ransomware-As-A-Service (RaaS), which is a form of cybercrime that allows attackers to monetize their skills and tools as a service offering to any willing buyer. RaaS provides a franchise-like experience for cybercriminals. Instead of developing their own malware, attackers can simply log in to a RaaS portal, customize their attack, and instantly deploy it to victims.
In 2022, the ISC2 Cybersecurity Workforce Study revealed that global cybersecurity workforces grew 11 percent year-on-year, with Asia Pacific (APAC) clocking the greatest growth at 15 percent. Despite such a trend, our report revealed that 93 percent of organizations reported problems with their backup and recovery solutions, and in Singapore, 57 percent of respondents remain uncertain about business continuity in the event of a cyberattack.
Nevertheless, there is hope—by prioritizing the mitigation of a breach’s impact, organizations can effectively outsmart the attackers and regain control in the face of cybercrimes.
First, it’s critical to understand the impact cybercrime has on the organization. The best way to do this is to understand the value criminals derive from data following an attack. The value cybercriminals find in data is two-fold. If an attacker can deny an organization access to its data, that organization will find it near impossible to operate until that data is restored. The attacker can then demand a ransom from the victim to return the data.
This is the classic “denial of data” ransomware attack. An inability to operate is one of the top business risks organizations face. Staring down the prospect of days, weeks, or months offline, our study found that 72 percent of organizations made the difficult decision to pay attackers to regain access to their data. Yet, once the ransom is paid, there is no guarantee the data will be returned. In fact, only 16 percent of those who paid a ransom were able to recover all their data.
In a newer approach to monetizing cybercrimes, perpetrators are resorting to stealing sensitive data from their victims, often encompassing personal customer information and financial records. They then leverage this stolen data by issuing threats to publish or sell it on the dark web, employing an “exfiltration” style of ransomware attack. An example of this occurred recently when one of Singapore’s leading telcos fell victim to such an attack. In this incident, over 11 gigabytes of stolen data were exposed online, and the hackers demanded a ransom of $250,000 worth of bitcoin.
Adopting a zero trust data security strategy
Ransomware often leads to the question of why people pay the ransom. Part of the reason is that legacy backup and data protection solutions were meant to recover from natural disasters. They therefore lack the capability to defend against cyber threats like malware, leaving organizations with limited recovery options after an attack. In such situations, companies weigh their choices and frequently end up paying the ransom if they lack proper data security. Recovering data typically takes at least seven days on average, during which essential systems are offline, posing a significant risk of business closure.
Advanced ransomware has evolved to target online backups, causing encryption or complete deletion. Retrieving offline backups, like tape backups, is time-consuming, pushing organizations to opt for ransom payments to resume operations quickly. Furthermore, many organizations lack visibility into their backups, which can inadvertently reintroduce malware, making rapid and accurate ransomware investigation crucial.
To address these challenges, organizations must be educated to proactively mitigate these incidents to confidently maintain operations without constantly fearing repercussions. With a zero-trust data security strategy, recovery times become more predictable. A zero-trust model ensures all data access goes through a secure process. This logical airgap prevents ransomware from discovering or accessing backups over the network, making it an essential part of any modern protection strategy.
Instead of succumbing to ransoms, organizations can recover from ransomware attacks within hours by quickly assessing the situation and executing tested recovery procedures. Using backup data to identify and isolate anomalies, victims can recover rapidly from a clean, recent copy.
During an exfiltration attack, ransomware criminals profit when victims are unaware of the extent of sensitive data compromised. However, through the application of machine learning and artificial intelligence, it becomes feasible to scan the entire environment, locate sensitive data, and enforce appropriate security measures before an attack occurs. Consequently, organizations can confidently assert that personally identifiable or sensitive data remains uncompromised when defenses are breached.
Implementing these targeted approaches provides organizations with a predictable, measurable, and demonstrable recovery strategy. This effectively disrupts the ransomware business model, transforming potentially catastrophic events into minor inconveniences. One certainty is that criminals will always seek new avenues for financial gain. While we cannot eliminate the cycle of crime, we do possess the opportunity to dismantle the ransomware business model and diminish the value attackers find in targeting data.
Abhilash Purushothaman is Vice President & General Manager (Asia) at Rubrik.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.