In January and February 2021, 37% of global organisations fell victim to ransomware. In the Netherlands, 32% of organisations were hit by this type of cyber attack and 53% of Chief Information Security Officers (CISOs) in the region have said that their company has seen more targeted attacks in 2021. And yet, a remarkable 35% of users are only a little concerned about the threat of cyber-attacks. This is in spite of 53% receiving phishing emails, 9% being caught by ransomware, and 29% being lured by social engineering. According to Jayson O’Reilly, General Manager for Cybersecurity at Atvance Intellect Netherlands, companies often remain complacent and unaware of their networking blind spots. Today they should be bolstering their defences, understanding their adversary and working to ensure that their internal processes and procedures can handle an attack.
“A human firewall is simply not enough to hold back the sophistication and automation behind these digital attacks - the future of security lies in leveraging the data and technology,” says Ruby Hansen, Atvance Intellect’s Data Analytics Business Development Manager. “We are seeing a growing interest in providing organizations with real-time insights for proactive assessment and rapid investigation of potential ransomware threats – a trend we can expect to increase. But as always, security in layers is key – we must utilize the data, technology and teams.”
“Ransomware is hardly new, first discovered in the 1980s, but attacks are increasing in volume and sophistication,” O’Reilly explains. “They are also, thanks to their increased success rate, causing significant damage to company revenue and reputation. Many of the attacks being perpetrated today leverage old techniques using new technologies to find cracks in corporate defences. Using internet bots, and social engineering information, attackers are moving at scale and speed.”
The latest attacks to hit companies in the Netherlands have been brutal, and on a global scale. Companies in the Netherlands were among the 200 that fell prey to a ransomware attack released by a Russian hacker group in July 2021 into the VSA server of ICT service provider Kaseya. The ransomware was released into Kaseya’s system in early July using a malicious patch and promptly spread through its system, and into the systems of its clients. The National Cyber Security Centre in The Hague warned companies to disable the VSA product that was compromised with the ransomware, but for many, the warning came too late.
“These attacks are among the most well-known, but there have been many others that have left companies struggling with the complexities and fallout of ransomware attacks and cybercrime,” says O’Reilly. “The situation has been worsened by the remote and hybrid working models introduced by the pandemic. With more people working online and outside of rigorous ICT security controls, hackers are taking advantage of unexpected vulnerabilities, and good old-fashioned human error.”
In May 2021, the Colonial Pipeline attack stood testament to the worst that could happen in the wake of remote working and limited security visibility. As one of the largest oil pipelines in the United States, the Colonial Pipeline shut down completely as it wrestled with a very successful attack perpetrated by a gang known as Darkside. It took just over two weeks for the company to return systems to normal. This hack pointed to two very important security steps – get a solid view of security and find the gaps before they get found by someone else.
“Security teams are facing the kind of pressure that they never expected to face, not even with the slow introduction of remote working prior to the pandemic,” says O’Reilly. “Now, instead of a thousand people in one place, there are thousands of places within one system. It’s a complex and challenging process that requires more than some hands-on employee training and a firewall.”
The situation is further complicated by the fact that, along with a steady increase in the attacks and their success rates, there is a steady increase in regulatory requirements. Now, it’s not just the GDPR that companies must deal with if they are hacked and fail to meet rigorous compliance standards – there are around 130 different bills currently in play across the world. These affect the operations of companies that work with, or in, these countries. Security must move from “ticking boxes” to a way of thinking, a culture of secure behaviour, and an investment into agile and ever-evolving systems that can adapt to the cyber threat.
“Prevention is the future, it’s the real road to a healthy security framework,” adds O’Reilly. “The business has to put several steps in place that absolutely reinforce the weight of its security and the value it places on its systems and data. Many ransomware attacks wait for months before they activate, just so they can form part of the backup. Then there is no recourse for the company because every system is compromised.”
There are plenty of guides that lay out step-by-step guidelines to security in the pandemic era. These always include training (invest into that human firewall), systems (the best of the best), and policies. But these are not enough. Ransomware is a trending phenomenon because it is slipping past these defences, and because cybercriminals take advantage of the fact that companies always think that it won’t happen to them.
It is time for organisations to take back control through visibility and prioritisation of their own threat ecosystem. Companies need to understand what the hacker sees – pen testing is not enough. Companies need to embed user behaviour analytics into the security portfolio, consolidate the number of vendors in their environment, and understand what and who has access to company data. Without this, companies cannot stand up against the invisible enemy, who doesn’t play by the rules.
“It will happen to you, and it’s not going away,” concludes O’Reilly. “Prevention is a cultural mindset and collaboration with trusted third-party service providers is more important than ever. We need to leverage technology that delivers niche, targeted security services and that gives relentless visibility into systems, platforms and vulnerabilities. Plan ahead, plan again, and then prevent.”