On the 25th of August 2021, CES had the pleasure to have an interview with the Namibian Broadcasting Corporation around Cyber Security.
- Mr PJ, in your own words can you please tell us what a cyber-attack is?
In short, a cyber-attack literally is an assault launched by cybercriminals against single or multiple computer systems or networks with the intent to cause damage, whether it be for financial, political, or other motives. A cyber-attack can maliciously disable computers, servers or networks, steal data, or even use a breached system as a launch point for other attacks.
Cybercriminals today typically use a variety of methods to launch cyber-attacks, including malware, phishing, ransomware, Distributed Denial of Service attacks, and many more.
The increase in attacks is also related to the availability of threats. Many hacker groups offer cyber-attacks such as ransomware as a service, so anyone can rent this type of threat, including infrastructure, negotiating with victims or extortion websites where stolen information can be posted. The ransom is then split between the ‘partners’.
- Why are so many people not aware of this type of attack?
There are a lot of reasons for this. Traditionally the main reasons used to be a variety of factors, such as lack of visibility into the threats, end user education, and inadequate risk management; however, security was more easily managed because all the resources and information were centralized at the organization's data center behind a firewall and various other levels of security controls, completely controlled by the IT or security departments. The problem with security has always been that if it doesn’t work, you will not know until it is too late, unlike for example if your car is not working, it simply wouldn’t start.
However, one of the main reasons why so many people are not aware of these types of attacks, is that the COVID pandemic dramatically changed how organizations operate and changed security requirements forever. Organizations now need to focus on employees shifting to remote work, focusing on customer centricity and empathy, and accelerating digital transformation.
In our ‘new normal’, we need to cater for an employee workforce that needs to use any device (such as notebooks, mobile devices, tablets, web browsers), to access any application (whether it be on the web, in the cloud, on-premise in the corporate data center), from anywhere (in the office, at home, or on the go), and this is complex as we need to ensure maximum productivity. This expands the attack surface tremendously with organizational data being anywhere and everywhere, and inconsistent security policies and fragmented visibility result in an ever-evolving threat landscape.
Cyber-attacks on all businesses, but particularly small to medium sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.
COVID-19 and digital transformation initiatives have left security teams with a complex environment to protect against sophisticated and evolving threats.
- What can cyber-attacks lead to and how harmful are they?
The business impact of a cyber-attack can be devastating. The road to business recovery can take a lot longer and be much more complex and costly than most businesses imagine, with many smaller businesses closing within months after a cyber-attack.
Just some of the damages and associated costs that a typical business can experience include loss of intellectual property, severe reputational damage, loss of contracts and customer relationships, operational disruption for extended periods, regulatory fines, attorney fees and litigation, and this is not even considering the cost of the actual recovery of systems and implementation of cybersecurity improvements.
Worst-case scenario cyber-attacks can cause electrical blackouts due to attacks on the national power grid, failure of military equipment, breaches of national security, theft of sensitive data such as medical records, impacting election results, bringing down national communication infrastructures such as telcos and national broadcasters, or even loss of life in the case of a hospital or emergency response centre taken down.
To give just one example of a recent cyber-attack that hit really close to home, Transnet in South Africa experienced a cyber-attack that almost brought their ports operations to a standstill, and the cumulative impact of the attack could cause long-lasting damage to the South African economy.
- What is a ransomware attack?
Ransomware, in a nutshell, is a vicious type of malware that cybercriminals use to block access to your entire system or specific sensitive files/databases, until you or your company pays a ransom. By encrypting these files and data and demanding a ransom payment for the decryption key, this malware places organizations in a position where paying the ransom is perceived to be the easiest and cheapest way to regain access to their files and data. Some variants have added additional functionality – such as data theft – to provide further incentive for ransomware victims to pay the ransom.
Ransomware has quickly become the most prominent and visible type of malware. Recent ransomware attacks have impacted critical service providers' ability to provide crucial services, crippled public services in cities, and caused significant damage to various organizations, and we have experienced a large number of Namibian companies and enterprises falling victim as well.
The COVID-19 pandemic also contributed to the recent surge in ransomware. As organizations rapidly pivoted to remote work, gaps were created in their cyber defenses. Cybercriminals have exploited these vulnerabilities to deliver ransomware, resulting in a surge of ransomware attacks.
- In a ransomware attack, the attacker demands a ransom from the victim to restore access to the data upon payment. Should one pay a ransomware attack to get access to their data?
The number of ransomware attacks is growing for a simple reason, hackers are getting paid. The willingness to pay creates a dangerous loop and increases the motivation of attackers.
If the ransomware attack is successful, the organization is faced with the choice of whether to pay the ransom or not. Either way, companies must go back to the beginning and find out why the incident occurred. Whether it was human factors or technology that failed, go through all the processes again and rethink the entire strategy to ensure that a similar incident never happens again. Taking this step is necessary regardless of whether an organization pays the ransom or not. One can never take comfort in the fact that somehow data recovery has occurred and consider the incident resolved.
So, to pay or not to pay? The answer is not as simple as it first appears. While the ransom amounts are sometimes in the hundreds of thousands or millions of dollars, outages of critical systems often surpass these amounts. However, enterprises must remember that even if the ransom is paid, it does not mean that the data, or even part of it, will actually be decrypted.
Don’t rush into a decision and consider all your options carefully. Paying the ransom should really be the last resort.
- How can we avoid these types of attacks on our systems?
The first half of 2021 has seen record numbers of ransomware attacks, both in terms of volume and scale. But why does this trend keep growing? The answer is simple, the technique continues to work, and again, the hackers behind the attacks keep getting paid. One of the only ways for organizations to be better prepared is to work under the assumption that something will go wrong, and that their network will be breached at some point.
So how can we minimize the risk in a practical manner?
- Be extra vigilant on weekends and holidays.
  - Most ransomware attacks over the past year have taken place on weekends or holidays when organizations are more likely to be slower to respond to a threat.
- Install updates and patches regularly.
  - WannaCry hit organizations around the world hard in May 2017, infecting over 200,000 computers in three days. Yet a patch for the exploited EternalBlue vulnerability had been available for a month before the attack. Updates and patches need to be installed immediately and have an automatic setting.
- Install an anti-ransomware solution.
  - Anti-ransomware protection watches for any unusual activity, such as opening and encrypting large numbers of files, and if any suspicious behavior is detected it can react immediately and prevent massive damage.
- Education is an essential part of protection.
  - Many cyberattacks start with a targeted email that does not contain malware but uses social engineering to try to lure the user into clicking on a dangerous link. User education is therefore one of the most important parts of protection.
- Backing up and archiving data is essential.
  - If something goes wrong, your data should be easily and quickly recoverable. It is imperative to back up consistently, including automatically on employee devices, and not rely on them to remember to turn on the backup themselves.
- Limit access to only necessary information and segment access.
  - If you want to minimize the impact of a potentially successful attack, then it is important to ensure that users only have access to the information and resources they absolutely need to do their jobs. Segmentation minimizes the risk of ransomware spreading uncontrollably across the network.
- Implement strong authentication, access, and identity management.
  - Strong authentication, access, and identity management are a key part of the guidance to prevent ransomware.
- Safeguard data-at-rest from ransomware with advanced encryption solutions.
  - Data protection use cases could include file-level encryption with access controls, application-layer encryption, data encryption etc. This makes the data worthless to intruders when they steal business-critical or sensitive data and threaten to publish it if the ransom is not paid.
- Any final remarks?
While security awareness in general in Namibia has increased dramatically, especially through increased adoption of security best practices during the pandemic, there are still a lot of people and organizations that don’t have adequate security skills, processes, and technology in place, believing Namibia is a small African country, who would want to attack us?
The reality is cybercriminals don’t care, not where you are from, or what industry you are…
Based on threat intelligence data from Check Point for Namibia for the last six months, an organization in Namibia is being attacked on average 1011 times per week in the last 6 months, compared to 781 attacks per organization globally. The most common vulnerability exploit type in Namibia is Information Disclosure, impacting 66% of the organizations. In EMEA, organizations have experienced a 36% increase in cyber-attacks since the beginning of the year, and a dramatic global 93% increase in the number of ransomware attacks.
So, in closing, in 2021, companies face several major cyber security challenges. However, this year also presents opportunities for significant security growth. 2020 demonstrated how businesses need to adapt to the modern world, and 2021 provides an opportunity to design and build security for the future.