Disruptions ranging from ‘moderate’ to ‘significant’ expected by many security execs in event of ransomware attack
Ransomware, a form of malware that cyber criminals use to lock or steal a victim’s data prior to extorting them with a ransom, has become a leading cybersecurity threat in the modern business world.
Each year, dozens of companies fall victim to ransomware. Over the past decade we have seen global headlines related to high profile incidents, including the Colonial Pipeline attack of 2021, the JBS Foods attack, global WannaCry, Petya and NotPetya infections of 2016 and 2017, all the way back to the CryptoLocker outbreak in 2013, to name some of the most infamous.
Last year, the Singapore Computer Emergency Response Team, SingCERT (part of the Cyber Security Agency of Singapore) reported that throughout 2022, ransomware groups were “actively targeting high-profile targets, from critical infrastructure to entire government systems, either stealing massive databases or disrupting operations”.
The evolving sophistication and scale of the ransomware threat is one the CSA says it is monitoring closely. Organisations in Southeast Asia must be prepared, both to repel potential attacks and respond in the event of a breach.
Earlier this year, Corinium released a research report titled the State of Ransomware Readiness, Southeast Asia, after surveying 60 cybersecurity leaders in Singapore, Indonesia and Malaysia. This is an excerpt from that report.
In its Singapore Cyber Landscape Report 2021, published in August 2022, the Cyber Security Agency of Singapore (CSA) noted that 2021 represented an inflection point for ransomware, with attacks surging across multiple sectors and regions.
Locally, that report highlighted that 137 cases of ransomware were reported to SingCERT, up 54% from 2020. Organisations that were most affected consisted of small and medium enterprises in the manufacturing and IT industries.
The report stated that 2021: “saw ransomware attacks ‘graduate’ fully from once sporadic and isolated incidents, into legitimate national security risks – capable of massive and systemic attacks affecting entire networks of large enterprises”.
In 2022, SingCERT noted the “increased audacity and viciousness” of ransomware attacks could spell “further upswing in the already-brutal cyber extortion / ransomware trend”.
Certainly, it is more important than ever for organisations of all sizes to be prepared to face a ransomware event.
In our own research, we began our survey by asking cybersecurity leaders from Singapore, Malaysia and Indonesia about their confidence in their ability to recover quickly from a ransomware attack.
More than half, 55% of respondents indicate that they are confident that their organisation has a robust enough backup system to enable recovery and that they would more than likely experience only minimal disruption.
Just over 26% of respondents say they are ‘moderately confident’ in their organisation’s backup system, with 8% expecting ‘significant disruptions’. Some 37% expect ‘moderate disruptions’ in the event of a ransomware attack.
We also asked our survey group how confident they were in having complete knowledge of their organisation’s data backup and recovery strategy, in the event ransomware or another cyber event compromised their business.
Again, 55% say they are confident in their knowledge of their organisation’s data backup and recovery strategy, as well as the competency of their team. Just over 6% say they are not confident, but moderately confident in the competency of their team. A 38% portion of the survey group indicated being just moderately confident in having complete knowledge of their organisation’s data backup and recovery strategy.
While it is positive that more than half of respondents express full confidence in knowledge of their organisation’s backup and recovery strategy, this still leaves a many exhibiting less-than-ideal confidence, given how much of a threat ransomware poses to data and the criticality of backup.
Concerningly, 15% of respondents in our survey say they or a colleague have responded to a ransomware attack in the past 12 months. 53% percent say they have not, while 31% say they would prefer not to answer the question.