In 2019, it was predicted that a single business would fall victim to ransomware every 14 seconds, and that in 2021 that time would reduce to every 11 seconds. However, from Fortinet’s perspective, ransomware and malware generally are on the decline.
What is on the rise, and something that I predict will get worse in 2020, is more targeted ransomware attacks, which cost businesses more from an operational and regulatory perspective.
Ransomware’s past
If we reflect on how far ransomware has come, we can better understand where we think it will go in the future. Threats like Gandcrab were prolific in their day because they worked off an affiliate model, which made it difficult to gather research and intelligence on them. Attackers would get commissioned constantly to infect systems, meaning Gandcrab had hundreds of members to keep tabs on.
They ended up making about $2 billion in ransoms, but it was difficult to find the actual owners of the money because of the number of commissions that were paid to middlemen. In the end it became so prolific that too many people were using Gandcrab, and law enforcement got wise to this. That led to a significant decline in the second half of this year.
What is on the rise is targeted ransomware. With Gandcrab, they were stealing data and holding it to ransom for anywhere between a few hundred and a few thousand dollars. Now we’re seeing more cases where ransomware attacks are shutting down business revenue streams and operations.
There's one case in Norway, Norsk Hydro, which was the victim of a targeted ransomware campaign that shut down the production line. In the case of Norsk Hydro, the total damages were about $40 million, racked up as a result of electronic production being forced to switch to manual operations.
We’re seeing some ransomware cases in the US ranging from $600,000 to upwards of $20 million in damages. The malware and ransomware market is a completely different game now because these attacks are targeted and specific to certain internal systems; they're getting big revenue streams and essentially causing major disruptions.
What’s changed?
The changes to ransomware attacks have made things worse for businesses because not only are the targeted attacks more prolific, but the average data breach costs are significant. Research we conducted with IBM last year found that the average data breach cost was $3.9 million. As a result, businesses are becoming savvier and taking out cyber insurance policies to protect themselves.
So, there’s a major shift within these organizations to have a more proactive mentality because the stakes are so high. Cybersecurity insurance is now considered an important and valuable part of an organization’s cybersecurity readiness, particularly for sectors like financial services, where the data held by businesses is extremely sensitive.
For example, although it can’t rescue a company’s reputation, insurance can at least partially provide the funds to remediate a situation, whether that’s setting up hotlines to help customers, providing financial compensation, or covering a period of business outage.
For larger enterprises, there may be a need to engage legal advisers, communication specialists, and first responders, all of which could be funded by an advanced cyber insurance policy. As an unexpected side effect, the process of securing insurance can even help businesses to identify gaps in their current cybersecurity set-up, as well as training gaps in their frontline cybersecurity staff.
That being said, I think the way we recognize and remediate attacks has improved for the better. The volume of ransomware and malware attacks themselves has gotten smaller, making it easier for law enforcement to concentrate their resources and keep crime rates down.
What’s ahead?
Looking ahead to 2020, the expectation is that the cost of a data breach is going to rise further because attacks are becoming swifter and quicker. They’re modelled after the in-and-out, smash-and-grab technique because of this fence of automation that’s more embedded in modern businesses. The nature of machine learning is changing the way attack strategies are built, and businesses need to be prepared for that.
To combat this risk, cybersecurity systems need to be enabled to monitor behaviors over time through the integration of physical sensors and networks, as well as deep content network inspections and an integrated fabric.
When partnered with behavioral analytics and speed at the edge, security systems can better detect cybersecurity weaknesses, anomalies, and even predict security issues that might otherwise fall through the cracks. Cybersecurity systems’ ability to respond to threats at speed and scale without human intervention will be enhanced by this sort of integrated system.
5G technology is also going to cause a big headache for businesses because of the sheer volume of devices, meaning the attack surface is going to expand exponentially too. The devices themselves will have a lot of vulnerabilities.
As a result, personal property can be stolen much quicker, and organizations will have less time to recognize and respond to the attack. This is a challenge that organizations can address with an integrated security approach that uses security orchestration, automation and artificial intelligence to help a business fight back and properly defend itself.
Along with the transition to edge clouds, end-to-end security from the mobile core to the edge is now imperative. In practice, this means embedding security features and functions directly into the network edge. This requires adopting a fabric-based strategy that goes beyond protecting isolated security devices and platforms and adapts to this expanded and evolving network.
Coupled with this approach to securing every aspect of the business, intelligent collaboration between the public and private sectors, law enforcement and emergency response teams is also so important.
As these attacks become more targeted, information and intelligence sharing between organizations, as well as automation and machine learning, are critical to being able to spot an attack before it happens and react swiftly to protect your business.