If cybercrime organisations could be publicly traded, it would likely create a new, multibillion-dollar industry. During the past year, IT and network professionals across sectors were faced with the unexpected challenge of facilitating remote and hybrid working environments. As a result, large-scale changes in remote access architectures and cloud-delivered services were required.
In many cases, this led to increased adoption of software-as-a-service (SaaS) models – and of course, these significant changes have introduced increased cybersecurity risks. Cyber-attackers are taking advantage of shifts in business connectivity and finding creative, new ways to exploit security vulnerabilities.
According to a report by Cybersecurity Ventures, global cybercrime costs are expected to increase by 15 per cent annually over the next five years, reaching $10.5 trillion by 2025. In the past few months, the Middle East has seen a surge of cyberattacks ranging from phishing and scams to data breaches and ransomware. The consequences for enterprises ranged from critical data loss to financial damage. In fact, according to a 2020 study by the Ponemon Institute and IBM Security, the cost of a data breach in Saudi Arabia and the UAE rose by 9.4 per cent. On average, these attacks cost companies $6.53m per breach, which is much higher than the global average of $3.86m per breach.
Decoding the financial threat to organisations
Ransomware attacks are just one of many tactics. Threat actors also use distributed denial-of-service (DDoS) attacks to increase the pressure. For example, with DDoS extortion (aka ransom DDoS) attacks, cybercriminals threaten individuals or organisations with a DDoS incursion unless an extortion demand is paid. The threat actors behind last year’s Lazarus Bear Armada (LBA) DDoS extortion campaign used a variety of vectors and methods to target thousands of companies across a range of industries. Not surprisingly, data from Netscout’s 16th annual Worldwide Infrastructure Security Report (WISR) shows that DDoS extortion attacks grew by an astounding 125 per cent in 2020.
Triple extortion attacks combine file encryption, data theft, and DDoS attacks to create even more disruption. Ransomware gangs SunCrypt and Ragnar Locker were early adopters of this tactic. Today, we see it deployed via well-organised business models that include ransomware-as-a-service, affiliations, and support centers.
Paying the ransom is tempting for many victims of these attacks, if for no other reason than to try to curtail the damage done by an extended shutdown. This is one reason cyber insurance has become such a popular choice for organisations hoping to cover potential losses from a cyberattack.
Investing in security is key
As the cost and complexity of cyber insurance increase, it’s clear that simply insuring against cyberattacks is insufficient. In fact, a recent report from Accenture found that as the cyber insurance market hardens, underwriters have a host of data available for winnowing out the high-risk companies that don’t practice good cyber hygiene. These insurers increasingly will reward companies that can demonstrate robust cybersecurity best practices, such as the following:
· Avoiding the network breach. Best practices include educating users on proper cybersecurity hygiene and employing network and endpoint cybersecurity protection solutions to detect malware, anomalous activity, or indicators of compromise (IoCs).
· Paying attention to the basics. Back up valuable data and test data-restoration plans. Run vulnerability assessments and patch and update computer systems accordingly to avoid compromise.
· Deploying continuous threat intelligence. Staying abreast of the latest threat intelligence helps companies detect, investigate, or proactively hunt for IoCs that could precede a ransomware attack.
· Using proper DDoS protection. DDoS attacks are increasing in size, frequency, and complexity. Best practices in DDoS mitigation include a hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation.
As we know, adversaries thrive on constant innovation. Attacks will only grow more complex, and threat actors will continue to discover and weaponise new attack vectors designed to exploit the vulnerabilities exposed by this enormous digital shift. Therefore, security professionals must remain vigilant to protect the critical infrastructure that connects and enables the modern world.
Battling cybercrime is a multifront war, and modern-day DDoS attacks are complex, multi-vector, and dynamic. Companies need to make ongoing investments in security to adapt to today’s constantly evolving threat tactics. The more robust a defense is, the more capable a company will be in fending off the growing number of cyber threats.
Gaurav Mohan is the VP Sales, SAARC & Middle East, Netscout