Page 143 - Cyber Defense eMagazine April 2023
P. 143

Ransomware as a service (RaaS) fuelling attacks

            “Computer as a Tool” cybercrime however, is much more prevalent because the skill set required to
            execute attacks is less demanding. In these cases, the attacker relies on human error or ignorance to
            exploit a device or network. The statistics are alarming, phishing attacks on mobile devices make up 60%
            of cyber fraud and 95% of data breaches are caused by humans. Organised crime syndicates are now
            selling RaaS (ransomware as a service) tools to would-be hackers, it’s estimated that a ransomware
            attack occurs every 39 seconds, and in a recent Microsoft report the number of password attacks reached
            921 attacks per second in 2022, an increase of 74% in just one year.

            Attacks  on  such  strategic  and  important  organisations  like  Nato  (and  a  host  of  other  organisations
            including  Royal  Mail  and  American  Airlines)  should  be  limited  to  movie  screens,  unfortunately,  the
            breaches are very real and the threat is growing. Best estimates predict that the financial fallout from
            cyberthreats in web 2 and web 3 could cause A $10 Trillion cyber damage headache by 2025.



            Why the battle is being lost

            According to Statista, revenue in the Cybersecurity market is projected to reach US$173.50bn in 2023
            and the average Spend per Employee is projected to reach US$8.19k, so there is a lot of money being
            thrown at the problem.


            There’s  a  myriad  of  reasons  why  traditional  cybersecurity  is  failing,  fundamental  issues  include  the
            exponential increase in ransomware precipitated by the pandemic and the hasty shift to remote working
            (an increase of 148% in 2020 alone). This shift to BYOD (bring your own device) and cloud computing
            happened with little time to put strategies and technology in place for IoT security. Due to business
            revenue decreases in almost every sector during the lockdowns, IT budgets were cut and staff were
            culled, resulting in a skills gap, and this culminated in increased cybersecurity weaknesses.

            These core issues played right into the hands of cybercriminals and they took full advantage. Innovation
            in  cybercrime  technology  is  as,  if  not  more,  robust  than  cybercrime  prevention  technology.  Cyber
            criminals  have  funding,  knowhow,  time  and  incentive  to  sharpen  their  skills.  While  payouts  for
            ransomware according to a Chainalysis report revealed that funds sent to known ransomware addresses
            globally fell from $765.5 million in 2021 to $456.8 million in 2022, it's premature to celebrate. Even though
            there is increasing resistance to paying ransoms, there is still the sticky issue of compromised data. The
            hackers still have access to the data they stole and will no doubt be selling it to other nefarious actors.




            Using teaspoons to dig a trench

            In an increasingly decentralised and networked world, current cybersecurity solutions are no match for
            cybercriminals. While cybersecurity mesh architecture (CMSA) championed by Gartner is gaining traction
            it doesn’t go far enough.

            Current  cybersecurity  is  centralised,  configuring  network  devices  to  operate  in  silos,  all  served  by
            cybersecurity software that operates from opaque systems that can’t be audited. In essence, every new




                                                                                                             143
   138   139   140   141   142   143   144   145   146   147   148