Ransomware attacks are real, ever-present and wreaking havoc across the board for businesses. The bad news is that this type of cybercrime does not just target large multinationals. In fact, these are most likely avoided because they expect an attack, which makes SMEs a much easier target. Gilchrist Mushwana, Director at BDO South Africa and Head of Cybersecurity Service Line, discusses the evolution of ransomware and the impact of the growing sophistication of these attacks on the country’s small and medium-sized business sector.
According to research done by Kaspersky, ransomware attacks in South Africa have doubled compared with the comparative period of 2021. Transnet, City Power, Dis-Chem, Uber… these are just some of the big players who have faced the devastating effects of a successful ransomware breach. But don’t let these big names distract you from the fact that SMEs – a sector that represents more than 98% of businesses and employs close to 60% of our country’s workforce – are increasingly becoming prime targets of cybercrime.
No business is safe. In fact, ransomware cost the world – businesses and private users – 20 billion dollars in 2021, and that number is predicted to rise to a staggering 265 billion dollars by 2031. The average cost of a ransomware attack in 2022 is 4,62 billion dollars, which equates to the annual salary of 27 senior-level employees.
SMEs are particularly vulnerable because they often do not or cannot invest in the appropriate security. A small consultancy, a manufacturer with 30 employees or an NGO with three people can all be technology-driven businesses that require just as much protection as multinationals, but in many cases, they simply do not take cybersecurity seriously. This may result in minimal budgets for cybersecurity programmes and plans, lack of internal education around cybersecurity and how to plan for and deal with attacks, and outdated software and devices that are no longer supported.
During the Covid-19 shutdowns, many small businesses also had to switch to remote work, opening them up to a range of cybersecurity issues, from workers using personal computers for work-related tasks to relying on the cloud with little or no IT staff or resources. The list goes on.
The evolution of ransomware
With the evolution of ransomware attacks comes renewed opportunities for cybercriminals to take advantage of these ‘easy targets’, so it is critical to be aware of these trends to ensure that you can be properly protected in the case of all eventualities.
A key trend is the rise of double extortion. This is where attackers exfiltrate victims’ data to an offsite location before encryption, then threaten to leak or publish the data if a ransom isn’t received. The combined threat of encryption and data exfiltration is a form of double extortion, and threat actors are increasingly leveraging this attack method as it proves to be more profitable.
There has been a shift in attacks to target critical infrastructure. This not only disrupts business, but also supply chains on a broader scale. Attackers are developing ways to bring down entire supply chains by exploiting multiple software vulnerabilities in multiple targeted attacks. This can cripple food networks, water supplies, fuel distribution and even hospitals and government. For businesses both large and small, supply chain attacks have the potential to inflict serious financial and reputational damage that can affect a company for years to come. Small firms are particularly susceptible to supply chain attacks because they may not have the resources to implement the security measures required to prevent them.
Ransomware is also becoming commercially viable in the form of Ransomware-as-a-Service (RaaS). RaaS is a type of pay-for-use malware that allows cybercriminals to buy already developed ransomware tools so that they can carry out large-scale ransomware attacks. RaaS essentially runs like an affiliate programme – for every successful ransom payment made, those who developed the tools receive a percentage. Because RaaS allows cybercriminals with basic technical skills to deploy a ransomware attack, this is a growing business model that is set to fuel the threat landscape in 2022.
As much as things evolve, the fundamentals stay the same
Although the methods of cybercriminals have changed over the years, the premise of ransomware attacks remains the same: attackers target vulnerable victims, block access to something the victims need and demand a ransom to reinstate access.
What must remain top of mind is that no matter how sophisticated the attack, ransomware still needs a point of initial access to be effective. Cybersecurity is ultimately a human problem. Education about ransomware, the evolving nature of the attacks, and how to identify a potential ransomware attack is a critical first line of defense. Quite simply – a threat can’t be avoided if it is not recognised, and educating teams on how to identify potential cyber threats goes a long way to reducing the chances of an attack. Investing in ongoing cybersecurity training must be a priority if an organisation wants to become more cyber resilient.
Other important ways to ensure protection include implementing endpoint protection, which involves securing endpoints and entry points for all enterprise devices within the organisation; enforcing proper password use and password management across teams, which can drastically reduce the chances of an attack; and maintaining reliable offsite backups in a secure location with a robust recovery process plan.
Yes, it can happen to you
Attacks are also not always done in high-tech, sophisticated ways. An attack can occur as easily as someone walking into your reception and inserting a USB stick into an unmanned computer, which can cause cost-inducing chaos.
Keeping yourself, and in turn your organisation, secure must always be top of mind. Email attachments and infected websites are the most common hiding places for ransomware, so treat all unexpected emails and messages as potential sources of danger and avoid clicking unnecessary banners on suspicious sites. Regularly save important files and documents to cloud storage and to an external hard drive, and implement a recovery plan that can help you swiftly recover data in case of an attack. Update software regularly, as cybercriminals often exploit known vulnerabilities that developers have already patched.
Most importantly, install a security system that can alert you immediately in the event of an attack. Responding to cyberattacks takes the average company 20.9 hours, equating to over two working days. In this time an incredible amount of damage resulting in massive expenses and major reputational damage can take place. A pre-execution, prevention-first approach is critical.
Human error is the leading cause of data breaches at small businesses, with compromised credentials being one of the most common ways cybercriminals initially attack a company’s data. Attacks are going to happen. The impact of ransomware attacks on a small or medium-sized business can be devastating far beyond their financial costs. Education, preparation, and swift action are some of the most effective weapons we have in this cyber war – we must be prepared, and we must prepare our people, to use them.