Hit by the perfect pandemic storm amid a global IT talent crunch, the final resort may be MDRs and MSSPs …

Sherif El Nabawi, VP of Engineering, Asia-Pacific and Japan, CrowdStrike

This tumultuous year has seen some visible cybersecurity trends, such as continued proliferation of ransomware; heightened concerns around nation-state actors; a persisting cybersecurity talent gap; and the need for acceleration of both digital and security transformation.

In a recent yearly report on global cybersecurity attitudes by CrowdStrike, APAC was found to be the region that was worst hit by ransomware, costing millions in financial damage.

To find out more between the lines of the report, CybersecAsia interviewed the firm’s VP of Engineering (Asia-Pacific and Japan), Sherif El Nabawi.

CybersecAsia: How does the APAC region stack up against other regions (US, EMEA) in terms of global cybersecurity positioning and attitudes?

Sherif El Nabawi (SEN): With 63% of organizations surveyed reporting a ransomware attack within the last 12 months, the APAC region was hit harder than the US and Europe, the Middle East and Africa (EMEA). Apart from the frequency of attacks, the increasing ransom demands by cybercriminals and the rising ransom amounts being paid out are a major concern.

Among the APAC victim organizations, 31% chose to pay up—more than in the US and EMEA. This cost organizations across the region on average US$1.18m—more than in the US (US$0.99m) and EMEA (US$1.06m).

Overall, the attitude about ransomware is that 79% consider it to pose the single biggest threat to organizations in the year ahead. Potentially compounding these risks are the expanded surfaces of attack that cybercriminals can target, worsened by a persisting talent gap that has left security teams leaner than before.

CybersecAsia: Is there no other option but to pay the ransom?

SEN: Data seems to indicate that organizations realize the link between the pandemic and an increase in both ransomware attacks and the costs they incur. Some are choosing to pay the ransom rather than endure protracted interruptions to their business processes or risk having sensitive corporate data exposed.

Ultimately, whether to pay the ransom or not can therefore be a difficult decision for stakeholders such as IT experts, legal counsel, law enforcement and the cyber insurance carrier. Note the following possibilities even if the ransom is paid:

1. In some cases, victims who paid a ransom were never provided with decryption keys.
2. Due to flaws in the encryption algorithms of certain malware variants, victims may not be able to recover some or all of their data even with a valid decryption key.
3. The act of paying a ransom may result in sanctions from regulators. OFAC, which is part of the US Department of the Treasury, administers economic and trade sanctions that could impact companies that choose to pay a ransom. A recent advisory from the US Department of the Treasury warns that “companies that facilitate ransomware payments to cyber actors on behalf of victims not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”
4. Paying ransoms emboldens criminals to target other organizations and reinforces such modes of attack as an alluring and lucrative enterprise.

Even paying up does not eliminate the risk of data exfiltration, as attackers that have managed to access an organization’s system can simultaneously canvass the IT infrastructure to find other monetization opportunities.

CybersecAsia: What should organizations in APAC do to protect themselves against ransomware?

SEN: The best defence against ransomware is proactive prevention and keeping to security best practices that include:

1. Training all employees on cybersecurity best practices: Make sure they follow good hygiene practices such as using strong password protection, connecting only to secure and approved Wi-Fi networks, and being alert to phishing.

2. Keeping all system software and devices patched and up to date: By vigilantly updating their systems, organizations can thwart hackers exploiting zero-day and known vulnerabilities.

3. Using continuous threat monitoring: Traditional antivirus solutions may prevent known ransomware but fail at detecting unknown malware threats. Cybersecurity solutions powered by machine learning are able to identify indicators of attack (IoAs) to stop ransomware before it can be executed and inflict damage. Such solutions also double up as a ‘surveillance camera’ across all endpoints, capturing raw events for automatic detection of malicious activity not identified by traditional prevention methods and providing visibility for proactive threat hunting.

4. Integrating threat intelligence into the security strategy: Keep up with the latest threat intelligence to detect an attack quickly, understand how best to respond, and deploy countermeasures within minutes to prevent it from spreading.

The global post-attack attitude boils down to 76% upgrading their security software and infrastructure to reduce future attacks. In addition, 65% upgraded their security staff with the same objective in mind.

CybersecAsia: How much of a risk are nation-state (state-sponsored) attacks on the average firm? Who should be worried?

SEN: CrowdStrike has continued to observe a blurring of the lines between nation-state and typical attack methodologies. A large majority of organizations surveyed in APAC (89%) were aware that nation-state attacks pose a threat, and many believed this situation has been exacerbated by the pandemic.

The risk varies between countries that are subject to the motivating factors behind nation-state attacks: trade and political tensions, intelligence gathering, valuable pandemic-related research or financial/intellectual property and so on.