What should organizations in the APAC region be doing to protect themselves against ransomware?
SEN: Once ransomware encryption has taken place, it is often too late to recover that data. While robust backups are a foundational best practice that organizations should have in place in the event of an attack, newer malware variants can also delete or damage backups.
The best defense against ransomware is proactive prevention, and best practices to help keep operations secure include:
1. Training all employees on cybersecurity best practices: Your employees are on the front line of your security. Make sure they follow good hygiene practices, such as using strong password protection, connecting only to secure Wi-Fi, and being on constant lookout for phishing – on all of their devices.
2. Keeping your operating system and other software patched and up to date: Hackers are constantly looking for holes and backdoors to exploit. By vigilantly updating your systems, you will minimize your exposure to known vulnerabilities.
3. Using security software that can continuously monitor for and prevent unknown threats: While traditional antivirus solutions may prevent known ransomware, they fail at detecting unknown malware threats. Next-generation antivirus solutions powered by machine learning, however, are able to identify early signs or indicators of attack (IoAs) to stop ransomware before it can be executed and inflict damage. Such solutions also double up as a ‘surveillance camera’ across all endpoints, capturing raw events for automatic detection of malicious activity not identified by traditional prevention methods and providing visibility for proactive threat hunting.
4. Integrating threat intelligence into your security strategy: Keep up with the latest threat intelligence to detect an attack quickly, understand how best to respond, and deploy countermeasures within minutes to prevent it from spreading.
Despite the increased worry over ransomware, the survey does note a positive trend – 76% of global organizations that suffered a ransomware attack upgraded their security software and infrastructure to reduce the risk of a future attack. In addition, 65% upgraded their security staff with the same objective in mind.
With that said, it bears repeating that it is still less the ransom than the business and reputational costs associated with the failure to prevent the attack that will have the greatest impact on an organization.
4. How much of a risk are nation-state intrusions to the average firm? Who should be worried?
SEN: For the past several years, CrowdStrike has continued to observe a blurring of the lines between nation-state and eCrime attack methodologies. This includes the use of eCrime tactics like ransomware by well-funded nation-state adversaries.
As the survey shows, a large majority of organizations in the APAC region (89%) are aware that nation-state attacks pose a threat, and many believe this situation has been exacerbated by the pandemic. In fact, 53% of respondents in the APAC region believe that vulnerabilities caused by the global pandemic are a key driver of malicious nation-state activity.
These vulnerabilities can include new attack surfaces exposed by rapidly enabling a remote workforce, BYOD (bring your own device) connecting to the corporate network, sensitive data exposed to unsafe Wi-Fi networks, and more.
Respondents in the APAC region also point to other motivating factors behind these nation-state attacks: intelligence gathering from an organization that makes a product for a government (cited by 49%) and gaining financial or intellectual property (cited by 55%).
Organizations are also aware of how tensions between countries can impact the threat landscape, with 91% of respondents in the Asia-Pacific region fearful that ongoing international rivalries may cause a considerable increase in cyber-threats.
Overall, the survey shows that the motivations driving nation-state attacks stretch far and wide, which explains why organizations across the spectrum are concerned.
5. What does it mean to layer security transformation into digital transformation and why is this important against both eCrime and nation-state actors?
SEN: There is no doubt that 2020 has been one of the most challenging years for organizations across the APAC region – and the concerns expressed by respondents in the 2020 CrowdStrike Global Security Attitude Survey are echoed by IT and cybersecurity professionals everywhere.
The good news is that organizations seem to have a better understanding of the risks they face and are more willing to invest in the rapid digital and security transformation actions needed to mitigate these risks. In the APAC region, for instance, 90% of respondents’ organizations have spent an additional US$100,000 or more to adapt to the COVID-19 pandemic, with 80% modernizing their security tools and 65% providing employees with security training or work from home training.
Best practices that organizations have taken to layer security transformation into digital transformation include:
- Continuing to invest in digital transformation to keep pace with the eCrime and nation-state threats. Replacing legacy, on-premises technologies with cloud-native platforms that are designed to protect remote and hybrid environments will be critical to ensuring protection in the new work-from-anywhere environments that are here to stay.
- Focusing on protecting all workloads wherever they are rather than maintaining security models built around network perimeters. This means implementing breach protection across private, public, hybrid and multi-cloud environments so organizations can rapidly adopt and secure technology across any workload.
- Integrating identity protection with run-time protection of workloads, endpoints and mobile devices to alleviate the strain on IT teams, and keeping the organization secure by allowing its team to plan, implement and migrate to the cloud-native applications the organization needs to secure its business and employees – no matter where they are located.
- Striving to meet the 1-10-60 rule that CrowdStrike introduced in 2018: one minute to detect a threat, 10 to investigate and 60 to contain and remediate. The survey reveals that it takes organizations an average of 117 hours to even detect an incident or intrusion (reflecting very little improvement from 120 hours in 2019) – and many more to investigate and contain it. The CrowdStrike Falcon platform enables security teams to shorten the time to investigate and understand threats by providing deep context, seamlessly integrated threat intelligence and sophisticated visualizations.
The current threat environment, coupled with a global pandemic, can seem daunting – even insurmountable – when striving to ensure protection across remote and hybrid environments. However, with the right technology, people and processes, and continued investment in digital and security transformations, organizations in the APAC region can avoid becoming the next cyber breach victim.
Again, for survey respondents in the APAC region who have adopted these best practices, 80% reported a more positive outlook on their organization’s overarching security strategy and architecture over the next 12 months.