Speaking at Chatham House's cyber conference, the head of Britain's National Cyber Security Centre stated that ransomware is "the most immediate danger to UK businesses". Ms Cameron is not alone in this assertion: Jeremy Flemming, the director of GCHQ said in October that ransomware attacks in the UK had doubled in the past year, and The Whitehouse and the EC have both signaled an urgency in tackling them.
Ian Wood is Senior Director and Head of Technology, UK&I at Veritas Technologies.
But, why now? In part, the answer lies in the repercussions of the COVID pandemic. For the criminals, many sources of income dried up as people stayed at home, which meant much more of a focus on those vectors that still worked – like ransomware attacks. There was also time to focus on making their approach more sophisticated, for example, linking exfiltration malware to encryption malware to maximize the impact of their attacks and encourage more victims to pay up.
From a business perspective, more employees were – and still are in many cases – working from home. Each of these workers, accessing their corporate systems remotely, represent a chink in the armor of their employers. Their devices ‘out in the wild’ often lack the rigid security measures in place inside the corporate firewall, so they became great targets for hackers as they looked for ways to compromise networks.
Most critically though, as businesses focused on radically accelerating their digital transformation to cope with the demands of the pandemic, their security hasn’t always been able to keep pace. And it’s this lag that is creating a heightened state of vulnerability to all manner of incidents, but especially ransomware.
How big is the challenge?
Research from Veritas, looking in the ‘vulnerability lag’, found that only 61% of IT leaders believe that their organization's security measures have fully kept up since the implementation of COVID-led digital transformation initiatives over the past 18 months and over half believe they now have cybersecurity gaps.
And the problem is going away any time soon. The same group estimates that it will take them another two years, on average, to fix their current cybersecurity issues.
In the meantime, the hackers are subjecting them to a barrage of attacks. A staggering 88% of organizations have experienced downtime in the last 12 months as a result of cyber breaches. The average organization experienced 2.57 ransomware attacks that led to downtime, with 14% having been hit five times or more. Reflecting these stark figures, Canalys recently reported a ‘data breach crisis’ with ‘more records compromised in just 12 months than in the previous 15 years combined’.
The warning from Canalys Chief Analyst Matthew Ball is stark: “A lapse in focus on cybersecurity is already having major repercussions, resulting in the escalation of the current data breach crisis and acceleration of ransomware attacks… Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster.”
As Ball highlights, ransomware has become the weapon of choice for many attackers. Such attacks have escalated throughout the pandemic and show no signs of slowing, causing significant downtime for companies.
Is there a quick fix solution to the vulnerability lag?
As Frank Dickson, program vice president at IDC remarked, "As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion. Welcome to digital transformation's dark side!"
This should be motivation enough for those dealing with vulnerability lags to up the pace of their recovery efforts tied into encompassing transformation strategy.
However, businesses are concerned that there is no quick fix to the threat of vulnerability lags. Globally, security leaders estimate it will take two years for protection to catch up, and shortening the lag would come at a price. On average, IT leaders say that moving faster to close the gaps within a year would require another $2.47m and 27 new members of IT staff each.
In Europe, it was French organizations who predicted they would need the greatest level of investment - $2.88m. The view was not much brighter in the UK, with organizations estimating they will need around $2.66 million.
Looking ahead and closing the gap
It’s not the case, however, that businesses are faced with the impossible choice of either spending money they don’t have to hire staff that don’t exist, or continue to live with the cost and disruption of ransomware. Increasingly, IT leaders are turning to technology to solve its own problems.
Data protection solutions powered by AI and machine learning are helping to reduce the burden of defending against ransomware attacks, enabling organizations to catch up faster, without needing to look beyond the talented teams that they already have. Businesses are also able to further reduce admin by adopting single solutions that can be deployed across their entire data estates so that they manage one tool instead of many.
The good news is that, once they have banished their vulnerability lags, organizations can look forward to a brighter future. Organizations without gaps, the Veritas survey found, experienced around five times fewer ransomware attacks leading to downtime in the last year, than those whose security was still lagging behind.
