Encryption experts offer critical steps to fight ransomware

New whitepaper from iStorage urges businesses to adopt more robust measures as rapid rise in ransomware attacks expected in 2023.

A new whitepaper to help businesses adopt more robust measures in the fight against ransomware has been published by iStorage, a hardware-encrypted portable data storage and cloud encryption solutions company. With an alarming rise in the sophistication and frequency of ransomware attacks expected in 2023, businesses of all sizes need to urgently familiarise themselves with the necessary steps to fortify their security posture.

Ransomware is expected to move into the mainstream with cyber criminals getting bolder, as Ransomware-as-a-Service (RaaS) - which sees ransomware authors offering clients off-the-shelf malware variants, expertise from the cybercrime community and databases full of credentials - puts the means to implement an attack into the hands of many more prospective perpetrators from the lone wolf to state-sponsored hacktivist groups.

CEO of iStorage, John Michael, explains: “Put simply, 2023 will see the coming together of the means, motive and opportunity when it comes to executing ransomware attacks. The growing social unease and tense geo-political relations that may cause grievances, the lucrative gains to be made, and now easy access to ransomware technology are a toxic combination that should be a cause for concern for cyber security and IT professionals.”

A single ransomware attack can net perpetrators millions of dollars, with recent attacks demanding upwards of US$70 million and cybercrime itself costing organisations $6 trillion per year in global damages. The European Union Agency for Cybersecurity, ENISA, says ransomware now “ranks as a prime threat” in the cybersecurity landscape.

Businesses across the UK could quickly find themselves in the firing line if defences are weak and left vulnerable. They need to recognise the characteristics of an attack through a better understanding of the evolving threat vectors, improved security policy and a dynamic incident response plan to reduce impact. Urgent action will be needed to stave off business downtime, financial loss and reputational damage.

Malware authors are flush with more directions of attack – and potential vulnerabilities lurking in a wider range of easily-accessed systems – than ever before. Ransomware spreads through various means, including phishing emails with malicious links or attachments, portable computers, exposure to public Wi-Fi, and Zero-Day vulnerabilities. Malicious threat actors are moving from simply locking down data to employing double and triple extortion tactics, whereby they intend to steal data, threaten to share that information, and also make ransom demands against a business’s third-party clients.

Phishing attacks are also becoming more complex as technology evolves. For example, spear phishing - crafting targeted attacks on individuals by aping high-level employees - can now be automated via AI to generate conversion rates of up to 80%. AI has been used to emulate the voices of CEOs, making phone-based phishing (known as vishing) truly effective. And as the power of AI grows, such deep fakes will infiltrate video calls too.

John Michael elaborates, “The richest prizes have come from those with the highest level of access, and hackers now perform detailed reconnaissance on key targets. It has never been more imperative, therefore, to adopt a never trust and always verify stance with regards to access permissions. Firmly locking down access to an organisation’s data requires implementation of a Zero Trust strategy, with consistent encryption and a stringent backup policy. Doing nothing and assuming that an attack is something that will happen to other businesses will mean the situation becomes far worse in 2023.”

Taking a Zero Trust approach minimises the possibility of an IT infrastructure attack by removing any implicit trust. Every device, user, platform, tool or vendor must clearly demonstrate its security credentials. Employees must be trained to understand this, and a workplace culture must be built around cyber hygiene and resilience.
