Ransomware soars as enterprises struggle to respond

In a year where ransomware is on the rise, two organizations in an industry known for its effective physical and cyber security were hit with ransom demands.

Both MGM Resorts International and Caesars Entertainment were targeted earlier this month. Caesars disclosed it quietly paid $15m to hackers who had breached its customer loyalty database, negotiated down from the initial $30m demand. MGM went the opposite route, refusing to pay hackers who took over its Okta authentication servers. The result was a multi-system outage that affected everything from reservation systems and digital room key processes to casino floor operations for at least ten days.

The events in Las Vegas prompted much discussion about ransomware and the best strategic response to it. There is evidence that, after a slight decline in ransomware incidents last year, breaches that come with a demand for payment are soaring again in 2023.

Ransomware insurance claims on the rise

In its mid-year cyber claims update published this month, cyber insurance provider Coalition Inc. reported that claims rose 12% in 2023 over the prior year. Coalition, which consolidates claims and incident data from across the cyber insurance sector, said ransomware demands account for nearly one-fifth of all claims, the single biggest factor in claims filings. Overall, ransomware claims increased 27% in the first half of this year.

While the number of claims rose across all revenue levels, businesses with more than $100m in revenue saw the biggest increase at 20%. The cost of the claims also soared, increasing by a staggering 42% in the first half of 2023. Claimants reported an average loss of more than $115,000. Coalition did note that the figure was at its historic high in 2H 2021, at $127,950.

Hacking gang ‘mergers’

There are reports that ALPHV, a Russian hacking group, and other hacking gangs are joining forces with young English-speaking hackers to increase their “successes.” ALPHV said its breach of MGM’s systems started with a LinkedIn search to find a staffer and a ten-minute call to the Help Desk. MGM has not confirmed that is how it started, but it is unfortunately feasible.

If we learn anything from these incidents, it is how woefully underprepared organizations are to defend their assets, including precious customer data, from a breach. MGM’s flat-footed response led to huge operational and reputational losses. While cyber insurance could cover up to a $200m loss, the damage to its reputation could prove even more costly in the long term.

What is also clear from the MGM incident is the lack of business continuity/disaster recovery (BC/DR) planning and processes in place. This should be a lesson for every board of directors and executive suite. Every organization has vulnerabilities and points of exposure; there should be an effective BC/DR plan in place to keep operations moving forward in the event of a breach, whether it is ransomware-related or not.


National Cyber Security