Ransomware: A growing business threat for organisations in the new normal

Ransomware: A growing business threat for organisations in the new normal
  • Ransomware breaches witnessed a 13% growth in a single year, according to 2022 DBIR.

  • The human element accounted for 82% of analysed breaches over the past year.
  • Hybrid work models and connected devices will further contribute to the problem
Ransomware has been the single largest security threat for organisations in recent years. From India’s SpiceJet to America’s biggest microchip company, Nvidia, ransomware has caused major business disruptions to businesses and governments in 2022 alone. Consider this – the average ransomware payment is about to touch $1 million soon.

Ransomware breaches witnessed a 13% growth in a single year – between November 2020 and October 2021 – representing a jump greater than the past 5 years combined, according to the Verizon Business 2022 Data Breach Investigations Report (2022 DBIR). The report states that ransomware has been particularly successful in exploiting and monetising illegal access to private information as compared to other forms of cyberattacks.

While the origin of ransomware dates back to the late 1980s, the method became hugely popular after the introduction of Bitcoin circa 2009. Over the years, ransomware has managed to become one of the toughest challenges for Chief Information Security Officers (CISOs).
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Even with cybersecurity spending seeing a significant rise and organisations investing on sophisticated tools to combat threats, ransomware continues to be a challenge. The 2022 DBIR also highlights how threat actors successfully deliver attacks through some of the tried-and-tested methods like office docs and emails even in today’s time. About 40% of Ransomware incidents analysed in the report involved the use of Desktop-sharing software and 35% involved the use of email.

Underlining the importance of creating awareness about cyber-secure practices among all kinds of users, the report also found that “people” remain the weakest link in an organisation’s cybersecurity defence. The human element accounted for 82% of analysed breaches over the past year.

“As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks and an increased focus on education will all play their part in ensuring that businesses remain secure and customers protected,” said Hans Vestberg, chairman and CEO, Verizon.

Interestingly, the Asia-Pacific (APAC) region reported a high number of social and hacking- related attacks but has a much lower number of ransomware cases than other areas. Ransomware was involved in 10% of the breaches in APAC as opposed to the overall dataset average of 25%. Education and healthcare sectors witnessed a rise in more impactful ransomware campaigns, according to the report.

Cause for concern?

The realities of the new normal and the great surge in connected devices are all common factors that contribute to the volume and intensity of ransomware attacks. But more importantly, organisations must revisit and rethink their defence strategies and adapt more quickly.

“The continued explosion of connected devices and widespread digitization in multiple sectors has increased the likelihood of cyberattacks, especially ransomware. While the pandemic led to a rise in ransomware attacks, the inaction, or the delay in the implementation of technical and infrastructure changes in the new normal has made organisations more vulnerable. The emergence of Ransomware as a Service (RaaS) and the adoption of cryptocurrency could be a contributing factor as well,” says Anshuman Sharma, head-investigative response, APJ at Verizon.

Managing and blocking what Verizon calls the ‘four key paths’ - credentials, phishing, exploiting vulnerabilities and botnets can equip organisations to effectively handle the ransomware threat. In India, where more than 70% of the organisations reportedly faced ransomware attacks last year, the threat landscape will continue to remain complex.

“As a large section of India Inc across industries adopts a hybrid work model, new security challenges and complexities continue to emerge. It is imperative for organisations to know their blind spots and secure mobile devices as well as their overall cloud computing environment. India can be transformed into a digitally-empowered society and address the emerging challenges within the technology space if organisations invest more in security along with the Government’s robust cybersecurity strategy and approach,” sums up Verizon’s Sharma.


5 reasons why the 4-day week won't work, according to an economic professor

Markets cheer RBI’s 50 basis point hike; bank stocks rally as margins may improve