Page 58 - Cyber Defense eMagazine December 2022 Edition
P. 58

Ransomware severity is likely to remain a key threat for businesses, fuelled by the growing sophistication
            of ransomware gangs and rising inflation, which is reflected in the increased cost of IT and cyber security
            specialists.



            Action on ransom payments on the horizon

            High profile disruptive cyber-attacks, such as the 2021 Colonial Pipeline incident, have put ransomware
            on the political agenda, sparking a redoubling of law enforcement efforts. Attention has also turned to the
            payment of ransom demands, with new rules and potential bans on the horizon.

            Ransom  demands  continue  to  rise.  According  to  the Paloalto Ransomware  Threat  Report,  ransom
            demands increased by 144% in 2021, while the average payments rose 78%. Some 46% of companies
            paid ransoms in order to get data restored, according to Sophos.

            The payment of ransom demands is a contentious topic. Critical service providers, such as hospitals or
            power companies, may have little option other than to pay a ransom demand in order to avoid crippling
            disruption. On the other hand, paying extortion demands may encourage further ransomware attacks.
            Sanction rules and terrorism regulations may also bar payment of ransoms to certain states, groups or
            individuals, including cyber groups.

            Potential legal changes around ransom payments are unlikely to 100% solve the problem of ransomware,
            but they might help improve the maturity level of companies. Longer term, cyber criminals are likely to
            consolidate and change tactics as ransomware attacks become less lucrative, and as easy targets are
            harder to find.



            Small and mid-sized companies an increasing sweet spot for hackers

            All companies, across all sectors, are now exposed to ransomware attacks, although small and mid-sized
            companies are proving a more attractive target for cyber criminals as larger companies beef up their
            cyber security.

            Cyber security, rather than sector focus, is now the key driver for cyber-attacks. The most attractive
            targets  for  cyber  criminals  traditionally  have been  large  organizations,  where  they  can  get  the  most
            financial gain for reasonable effort. With these organizations investing heavily in security, the focus is
            gradually shifting to small and mid-sized firms. The current real sweet spot is a mid-sized business with
            weak controls, risk management and cyber security in place. That is what cyber criminals like most.”

            Large companies are better positioned to mitigate the growing threat landscape than smaller companies,
            which often lack the resources to invest in cyber security and risk management. Small to medium sized
            companies see their risks increasing with digitalization, but typically would not carry out impact analysis
            linked to cyber security and the value of the business.








            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         58
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
   53   54   55   56   57   58   59   60   61   62   63