Difficult to insure against, but a fast-growing threat, leakage of sensitive data via ransomware attacks needs counterstrategies – fast!

Globally, organizations paid more than US$500 million in ransom to cybercriminals in 2021, according to a Cybereason report.

According to Sophos’ State of Ransomware 2022 report, despite having other means of data recovery, such as backups, 48% of organizations that had their data encrypted paid the ransom to get their data back.

The impact of a ransomware attack is immense for organizations, with the average cost to recover from a ransomware attack in 2021 placed at US$1.9 million, with organizations needing an average of one month’s time to recover from the damage and disruption.

For a better understanding of the threat of ransomware attacks on organizations and why organizations are continuing to bend to cybercriminals’ ransom demands, CybersecAsia sought out some insights from Dr Mark van Staalduinen, Managing Director, CFLW Cyber Strategies.

CFLW (read ‘sea-flow’) believes that agility and adaptability are keys to addressing the constantly changing tides of cyberthreats, and that the fastest approach to strategy-making is to jump on the right ‘flow’ with pre-defined strategic objectives.

Are organizations in Asia Pacific better equipped to deal with ransomware today compared to the past two years? Is ransomware a bigger threat in the region than before?


Dr Mark van Staalduinen (MvS): On the whole, we are certainly better equipped to deal with ransomware compared to two years ago. At the same time, cybercriminals have also upped their game.

Due to the pandemic, most people have worked online during the past 2 years, which has accelerated the pace of digital transformation and increased the attack surface significantly.

In my opinion, ransomware does not present a bigger threat to Singapore or South-east Asia than the rest of the world, as attackers are driven mainly by economic benefits and mainly follow the money.

What are some reasons why organizations continue to pay ransom to cybercriminals? Aren’t data recovery capabilities sufficient to deal with ransomware attacks?

MvS: Cybercriminals have modified their tactics such that victims’ confidential data is first encrypted then subsequently leaked online.

In this regard, CFLW’s Dark Web Monitor oversees more than 40 campaigns where ransomware attackers share data which they have stolen. Such data can be quite sensitive; therefore, many organizations are willing to pay to get their data back, to avoid unauthorized information disclosures.

Are organizations over-relying on cyber insurance and neglecting cybersecurity measures?

MvS: Leakage of sensitive data is difficult to insure because it involves reputational risks, rather than merely operational downtime, which is more straightforward to quantify in terms of costs.

Although effective cybersecurity strategies are crucial, robust resilience and recovery strategies are equally important, to ensure that organizations are able to respond adequately when, for example, sensitive data is leaked.

Sensitive information should be treated as a precious asset and managed accordingly.

What are the implications of organizations continuing to bend to cybercriminals’ ransom demands?

MvS: The implications of continuing to bend to ransom requests are that cybercriminals will only grow bolder with their demands and ransom requests will only grow costlier.

Therefore, it is imperative for organizations to enhance their data security to safeguard against perennial threats posed by cyber-attacks and ransomware.

In addition, organizations should also develop effective counterstrategies and be prepared on how to negotiate with ransomware attackers, as enhanced data security does not preclude cybercriminals issuing further threats or ransom demands should any opportunity or loophole present itself.