
Op-Ed: A shift in focus can break the ransomware business model

Once a resource is coveted, it’s not long before criminals devise ingenious ways to steal, destroy, and monetise the material.

Scott Magill
Wed, 24 May 2023

Gold — one of history’s most craved elements — has been the catalyst for countless thefts, scams, and imperial conquests for centuries. On the topic of catalysts, catalytic converters have been targeted by thieves in recent years, seeking to sell the precious platinum and palladium to scrap metal dealers.

Even crude oil has been subject to theft, with criminal gangs across Africa and South America tapping into transnational pipelines. Once siphoned, the fuel can be sold on the black market or used in the production of illicit substances.

While each of these examples highlights very different targets, the crimes are identical — they all follow the same cycle (covet, crime, cash). It’s strictly the circumstances and mediums that change.

Today, there is a new crown jewel, more precious than gold, oil, or automotive parts. Data has become today’s most desired commodity — and criminals haven’t skipped a beat.

Cyber crime’s rapid evolution

As the world’s digital dependencies grow, the vulnerability of the digital channels we rely on every day increases in lockstep.

Attackers adapt quickly to the latest perimeter defences because there’s greater anonymity involved in probing a victim’s security posture from behind a computer screen, particularly when compared to siphoning an oil pipeline or tunnelling under a bank.

Unfortunately, many organisations disproportionately focus on and invest in trying to mitigate the risk of a cyber attack rather than focusing on minimising the impact. Regrettably, we live in a world where cyber attacks are inevitable, so focusing on minimising their impact has never been more important.

With the rapid evolution of cyber attack methods, reducing the risk of a cyber attack to zero is a Sisyphean task. Short of taking your business completely offline, it’s nearly impossible.

Minimising the impact of a breach, however, is where organisations can truly turn the tables on attackers.

First, it’s critical to understand the impact a cyber attack has on the organisation. The best way to do this is to understand the value criminals derive from data following an attack.

The value cyber criminals find in data is two-fold. First, if an attacker can deny an organisation access to its data, that organisation will find it near impossible to operate until that data is restored. The attacker can then demand a ransom from the victim in order to have the data returned.

This is the classic “denial of data” ransomware attack. An inability to operate is one of the top business risks organisations face. Staring down the prospect of days, weeks, or months offline, 72 per cent of organisations make the difficult decision to pay attackers to regain access to their data, recent research has found. Once the ransom is paid, though, there is no guarantee the data will be returned. In fact, that same research found only 16 per cent of those who paid a ransom were able to recover all their data.

A more recent means of monetising cyber attacks sees the culprit steal the victim’s data — typically customer personal information or financial data — then demand a ransom on threat of that data being published or sold on the dark web. This is the “exfiltration” style of ransomware attack. It puts the victim in an incredibly difficult position with seemingly no “right answer”.

Breaking the ransomware business model

In both these cases, the impact on the business stems not from the initial intrusion event but rather from the secondary denial or exfiltration of data.

By reducing the impact of these events, before they take place, an organisation can confidently continue to operate rather than constantly looking over its shoulder and living in fear.

In the case of a data-denial attack, a victim will often pay the ransom when the time and cost to recover is either unknown or prohibitively expensive. With a zero-trust data security strategy, one built on immutable and air-gapped backup data, recovery times become a more predictable and known factor.

Rather than panic, and resort to desperation payments, an organisation can quickly assess the fallout, run its tested recovery procedures, and know with certainty how to get back online within just hours instead of weeks or months. This is because the backup data can be used to identify and quarantine anomalies, allowing the victim to recover rapidly from the most recent clean copy.

In an exfiltration attack, ransomware criminals get their payday when the victim is unaware of what sensitive data was taken — when this is unknown, many assume the worst.

But with machine learning and artificial intelligence (AI), it is possible to scan your entire environment, locate sensitive data, and apply the appropriate security and access controls before an attack occurs. Then, when an attacker breaches defences, an organisation can be confident personally identifiable or sensitive data was not taken.

Applying these focused approaches gives organisations a predictable, measurable, and demonstrable recovery strategy. This effectively breaks the business model of ransomware by turning a potentially catastrophic event into a minor inconvenience.

One thing is for certain; there will always be criminals seeking new ways to make a payday. While the cycle of crime cannot be eradicated, we do have the opportunity to break the ransomware business model and remove the value attackers find in targeting data.

And it’s much harder to remain anonymous when lying under a chassis sawing off a catalytic converter.

Scott Magill is the managing director of Rubrik ANZ.
