Ransomware gained global prominence in 2021, following a series of high-profile incidents involving “big game” organisations including JBS Foods and Kaseya. However, ransomware emerged over 25 years ago, starting off as single extortion play—pay a ransom or lose access to maliciously encrypted data.
Today, ransomware attacks incorporate both the encryption of data and the exfiltration of sensitive information, also known as “double dipping.” Victim organisations are extorted with the dual threat of having their sensitive information exposed and losing access to their data.
In recognition of this rapidly evolving ransomware threat, cybersecurity authorities in the United States, United Kingdom and Australia released a joint cybersecurity advisory in early February titled, “2021 Trends Show Increased Globalized Threat of Ransomware.” This alert provides an overview of observed behaviours and trends along with mitigation recommendations “to help network defenders reduce their risk of compromise by ransomware.”
Australian organisations of all sizes are targets for ransomware
Meanwhile, the Australian Cyber Security Centre (ACSC) has warned that ransomware poses a significant risk to Australian organisations. In a recent report, ACSC notes that nearly 500 ransomware cyber-crime attacks were reported in fiscal year 2020-2021. That is an increase of 15% over fiscal year 2019-2020, with ransom demands ranging from thousands to millions.
ACSC also reports that ransomware has continued to target Australian organisations of all sizes, including providers of critical infrastructure services and organisations in the financial services and markets, healthcare and medical, higher education and research, and energy sectors.
The report recommended five immediate actions to protect against ransomware:
- Update operating systems and software
- Implement user training and phishing exercises to raise awareness of suspicious links and attachments
- Secure and monitor Remote Desktop Protocol (RDP), if in use
- Make an offline copy of data
- Use multifactor authentication (MFA)
Time to consider a people-centric approach to cybersecurity
To defend against ransomware proactively, it’s critical for organisations to adopt a new approach to cybersecurity—a people-centric approach. This approach recognises that technical controls alone are not sufficient to address human factors in today’s threat landscape.
In a global survey conducted for the “2022 State of the Phish Report” from Proofpoint, 78% of respondents said their organisation experienced email-based ransomware attacks in 2021. Among Australian organisations only, that figure was even higher: 92%. That percentage is the highest among all regions included in the report, and it represents a 53% year-over-year increase for Australia.
The survey also found that security awareness training is present in 99% of organisations, although only 57% of respondents said they have organisation-wide training. Also, only 85% of organisations educate employees who fall for real or simulated phishing attacks.
More than one-third (37%) of Australian organisations use simulated phishing attacks, ranking last among all the regions surveyed for the report. However, they are also using them the most: 61% of Australian organisations reported that they are sending users phishing simulations daily.
Strategies to improve defences
Organisations in Australia that are looking to fortify their defences against ransomware and other threats should consider the following measures:
- Building security awareness everywhere and with everyone. Security awareness needs to be organization-wide. Include not only training but also simulated phishing attacks and improved targeted training for those users who fail real or simulated phishing attacks.
- Evaluating threat protections within and beyond your perimeter—restrict the attacker’s toolset. This starts with visibility. Limit the attacker’s toolset by gaining visibility into the threat landscape and managing your digital footprint to reduce your personal and organisational attack surface. This includes introducing practices such as domain fraud monitoring or managing relevant web domain registrations and taking down fraudulent sites (for example, brand “lookalike” sites), as recommended by the ACSC’s “Guidelines for Email.”
- Implementing email authentication as a powerful tool to combat email fraud. Getting started with DMARC can be rocky, but the journey can be made easier with help—and it’s well worth it.
Learn More
To learn more about how user awareness gaps and cybersecurity behaviours are putting your organisation at risk and get additional tips for enhancing your cyber defences, download a free copy of the “2022 State of the Phish Report” from Proofpoint here.
To understand how you can take a people-centric perspective to build your cybersecurity strategy, engage with us and our community of security leaders.
Additional resources
From Proofpoint:
- On-demand webinar: “Ransomware Attacks Are on the Rise: What You Need to Know”
- E-book: “The 2022 Ransomware Survival Guide”
- On-demand webinar: “The Human Factor Report 2921 Findings—Cybersecurity, Ransomware and Email Fraud in a Year That Changed the World”
From ACSC:
- Report: “ACSC Annual Cyber Threat Report 2020-21”