Almost overnight, businesses transitioned to a remote workforce introducing unique exposures and vulnerabilities that were quickly exploited by aggressive forms of ransomware. Studies show that in the first two weeks of March there was a five-fold increase in ransomware attacks. By mid-2020 the number of reported global ransomware incidents increased by an astonishing 715% year-over-year.
This isn’t surprising. Ransomware attacks are a phenomenally successful and profitable business for cyber criminals. The average ransom is $1.1 million, and a quarter of all ransomware victims pay their attackers, further fueling the cycle.
Below we look at some of the most significant ransomware attacks for 2020, as well as ways organizations can reduce their risk exposure to these devastating hacks in 2021.
One of the most notable ransomware attacks of 2020 involved fitness brand Garmin, whose entire digital infrastructure was disrupted by malicious actors for several days in July. The hack shut down the company’s website, corporate email, call centers, customer applications, and the company’s lesser-known aviation industry services used by aircraft for critical flight planning and mapping tasks.
The breach was so impactful employing the WastedLocker ransomware strain that Garmin is reported to have paid the $10 million ransom to reclaim control of its operations – a real-world indication that ransomware is most powerful when it disrupts customer operations.
Also in July, hackers were busy infiltrating another target – Blackbaud. A leading cloud services provider and a lucrative, data-rich target for hackers, Blackbaud’s clients include prominent universities, hospitals, and public health institutions. This deliberate supply chain attack resulted in the exfiltration of millions of sensitive student, patient, and donor data records and is thought to be one of the largest breaches in 2020 involving patient health information. Adding to the PR and security nightmare, Blackbaud failed to notify its U.S. and UK clients of the attack for several weeks and could face significant fines for violating the GDPR breach reporting law.
These attacks are just the tip of the iceberg, but they shine a spotlight on the risks organizations face as they digitally transform, increase their reliance on cloud technologies, and become more interconnected with outside networks. This has led to the massive attack surface expansion and fueled a surge in opportunistic ransomware attacks.
Bad actors are continually probing an organization’s digital footprint for a way in. When a weakness or vulnerability is found – such as a misconfigured app in a cloud service or a vulnerable and long forgotten domain address – they take advantage.
The best way to manage this growing attack surface and reduce the risk of a ransomware attack is through visibility. After all, you can’t secure what you can’t see. Even if you've invested in the latest firewalls and threat intelligence technology, a single unpatched cloud asset or insecure vendor can wreak havoc. As the saying goes, it's not the mountain you climb but the pebble in your shoe.
If you can visualize the common vulnerabilities and exploits in your ecosystem, you can put together a security program that proactively closes security gaps before they are exploited. It could be that you need to adjust your software patching cadence, invest in better cloud firewalls, close any ports that are left unnecessarily open, or do a better job of evaluating and monitoring third parties for cyber risks.
In the cybersecurity world, 2020 will be remembered for the SolarWinds Orion hack. But the escalating ransomware threat cannot be ignored. Just imagine the nightmare scenario that would have transpired if the intent of those behind the SolarWinds attack hadn’t cyber espionage, but instead to hold government agencies and large parts of the US economy for ransom. This prospect alone further reinforces the urgency that organizations need to do everything they can to mitigate risk and secure their attack surface.
A couple of years ago, industry research firm Gartner introduced a new acronym—SOAR—into the cybersecurity nomenclature. SOAR stands for “security orchestration, automation, and response.” It’s not an individual tool, or even set of tools....
Now more than ever before, it’s critical to build a strategic security performance management program in which you take a risk-based, outcome-driven approach to measuring, monitoring, managing, and reporting on your organization’s...
Whether your organization is just beginning to develop your security performance management systems, or you already have a mature and established program in place, there is always room to innovate and improve the cyber risk monitoring tools