What business leaders need to know about ransomware

In partnership with TM ONE

In early July, cybercrime gang REvil hit Miami-based IT firm Kaseya. Said to be the largest of its kind ever recorded, the attack impacted over 1,500 companies in some 17 countries around the world that employ Kaseya’s services. These included kindergartens in New Zealand, IT businesses in Germany and petrol stations, pharmacies and a supermarket chain in Sweden. The latter had to close nearly 800 stores that were unable to operate their cash registers.

The Kaseya attack is the latest in a steady rise of cyberattacks around the world. Ransomware in particular has become more sophisticated. In 2020, for example, there were around 12,000 attempted ransomware attacks on SMEs in Malaysia. Details of some 38,000 credit cards issued by top Malaysian banks were also leaked online. In May of this year, Malaysia was impacted when hackers attacked the Asian operations of French insurer AXA, stealing some three terabytes of information.

Jaco Benadie of KPMG Malaysia has called the rise of ransomware between 2020 and 2021 “the second pandemic.” In Singapore, according to the latest annual report by the Cybersecurity Agency of Singapore (CSA), ransomware incidents in the city-state rose an alarming 154% in 2020. Even the UN Security Council held its first public meeting about cyber threats on national infrastructure.

During the pandemic, as more business operations go online and more teams accessing their company’s network via various devices at home, the rise of ransomware can impact businesses regardless of size, location and industry.

Here’s what business leaders need to know about safeguarding their operations, employees and even customers against ransomware attacks.

What is ransomware and how can it harm business

Ransomware is a type of malware weaponised by adversaries to extort companies. It works by encrypting files and folders and locking businesses out of their own property. It is typically used by organised crime groups on high-value organisations or vulnerable downstream businesses affiliated with the target organisation. As the name suggests, cybercriminals then demand a hefty ransom to restore access. In the case of Kaseya, REvil sought a staggering US$70 million.

In many instances, ransomware can quietly invade systems and lie dormant for months before being activated. According to IBM’s 2020 Cost of a Data Breach report, it can take an average of 280 days to even identify and contain a breach.

Newer, more sophisticated ransomware attacks can also involve blackmail. Cybercriminals may hold sensitive customer or business data hostage, threatening to publish it if the ransom is not delivered. As in the case of the Swedish supermarket chain, ransomware attacks can halt operations for days, destroy customer trust and damage brand reputation for many years to come. The IBM report also estimates that a data breach can cost a company an average of US$3.8 million.

Why ransomware threatens businesses of all sizes

While Kaseya is a relatively large enterprise, cybercriminals can threaten businesses of all sizes, including SMEs. Smaller companies affiliated with the larger enterprise may lack adequate cybersecurity infrastructure and be identified as weak links.

Hackers are particularly focused on targeting supply chains and system vulnerabilities that have resulted from an increasingly remote workforce and online operations. In Malaysia, a staggering 823 incidents were reported to Cybersecurity Malaysia, the national cybersecurity agency, in the first three weeks of the Movement Control Order (MCO) in March last year.

[Learn how businesses are addressing cybersecurity threats. Download the IDC Cybersecurity Insight: Malaysia 2021]

How companies can limit ransomware threats

Many breaches are avoidable when employees and business leaders are educated in basic cybersecurity hygiene. Individuals should always comply with their company’s cybersecurity policy. The use of multi-factor authentication has become essential due to rampant credential leaks from vulnerable applications and compromised devices.

At the company level, all network-ready devices should be equipped with endpoint controls, operate with least-privilege access and install any new software updates in order to benefit from the latest security measures.

Companies must also identify, protect and back up all systems and other business-critical assets and customer data. Most cybersecurity firms recommend not paying the ransom, as doing so identifies you as vulnerable to repeat attacks. So a usable back-up might mean that your company can resume operations without paying.At the organisational level, all businesses should have an emergency plan for business continuity in the event of an attack, and a reporting structure so that suspicious activities can be escalated immediately.

TM ONE, a trusted cybersecurity partner for SMEs and enterprises

At most companies, preventive responsibilities end up falling on the IT staff. But keeping abreast of ever-evolving cybercrime methods is a full-time job that most business leaders are reluctant to allocate resources for.

According to the IDC 2020 Asia/Pacific (excluding Japan) Enterprise Services Sourcing Survey, more than 70% of Malaysian organisations surveyed agreed that security is not their core expertise, and they would rather engage a trusted partner for their security needs.

Indeed, outsourcing cybersecurity to reliable third-party experts is both affordable and safe. In Malaysia, TM ONE, the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) is a leading regional cybersecurity partner, protecting data, identity, networks and devices through its TM ONE Cyber Defence Centre (CYDEC) programme.

As the only local Cloud Service Provider (CSP) for the Malaysian government, TM ONE is experienced in healthcare, finance, government and enterprise sectors, TM ONE CYDEC tailors cybersecurity solutions to needs and budgets of all sizes and provides continuous, real-time and predictive security. Its key services include Digital Risk Protection, Managed Security Services (MSSP), Managed Detection and Response (MDR) and Managed Unified Threat Management (MUTM).

By partnering with TM ONE CYDEC, businesses benefit from up-to-date knowledge on evolving cyber threats, careful audits of system vulnerabilities as well as compliance with existing government guidelines on consumer privacy. Where companies already have IT teams that do some cyber threat management, TM ONE CYDEC integrates with the existing systems to maximise protection.

Whether an organisation is a huge enterprise or a new online retailer, two things remain the same: the growing need for digital agility and hygiene and the rising threat of sophisticated cyberattacks. Building digital trust and cyber resilience are crucial for organisations of all sizes.

[Download this free report about Malaysia’s changing cybersecurity landscape]