Organisations never the same after being hit by ransomware
KUALA LUMPUR: Sophos announced the findings of its global survey, ‘Cybersecurity: The Human Challenge’, which reveals that organisations are never the same a er being hit by ransomware.
In particular, it noted that the confidence of IT managers and their approach to ba ling cybera acks differ significantly depending on whether or not their organisation has been a acked by ransomware.
For instance, it explained that IT managers at organisations hit by ransomware are nearly three times as likely to feel “significantly behind” when it comes to understanding cyberthreats, compared to their peers in organisations that were unaffected (17 per cent versus six per cent).
More than one third (35 per cent) of ransomware victims said that recruiting and retaining skilled IT security professionals was their single biggest challenge when it comes to cybersecurity, compared with just 19 per cent of those who hadn’t been hit.
When it comes to security focus, the survey found that ransomware victims spend proportionally less time on threat prevention (42.6 per cent) and more time on response (27 per cent) compared to those who haven’t been hit (49 per cent and 22 per cent respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.
“The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced a acks and therefore put greater resource into detecting and responding to the tell-tale signs that an a ack is imminent,” said Sophos principal research scientist Chester Wisniewski.
The fact that ransomware a ackers continue to evolve their tactics, techniques and procedures (TTPs) contributes to pressure on IT security teams, as evidenced by SophosLabs Uncut’s article, ‘Inside a New Ryuk Ransomware A ack’.
The article deconstructs a recent a ack involving Ryuk ransomware. Sophos incident responders found that the Ryuk a ackers used updated versions of widely available and legitimate tools to compromise a targeted network and deploy ransomware.
Unusually, the a ack progressed at great speed – within three and a half hours of an employee opening a malicious phishing email a achment, the a ackers were already actively conducting network reconnaissance. Within 24 hours, the a ackers had access to a domain controller and were preparing to launch Ryuk.
The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall. Chester Wisniewski