Ransomware is increasingly targeting smaller businesses, and organizations of all sizes are increasingly exposed to both supply chain and software attacks. Nonetheless, established ransomware protection measures are still effective, according to keynote speakers at Infosecurity Europe.
“In the last two years we’ve seen an increase in attacks on SMEs, not in any particular sector, and on medium-sized corporations with an international presence,” said David Clarke, CSO at Guildhawk and a former police officer.
Firms, he said, are falling victim to phishing and social engineering, and do not have the proper systems in place to detect and defend against attacks.
RaaS on the Rise
At the City of London Police, Inspector Charlie Morrison flagged up a 10% increase in the number of attacks based on ransomware-as-a-service (RaaS), where it was possible to detect the ransomware strain.
Morrison agreed that SMEs were one of the more targeted groups, but attacks on larger companies also seem to be on the rise. That could, though, be in part down to better incident reporting processes in larger organizations.
Clarke also pointed to the risks posed by AI, with generative AI systems in particular being used to create hyper-personalized phishing attacks, as well as more sophisticated frauds using avatars and fake voice calls.
Multi-Pronged Ransomware Attacks
Morrison also flagged growth in software and supply chain vulnerabilities, as well as multi-pronged attacks that combine multiple ransomware attacks, or ransomware with DDoS, or the threat of releasing data. Attackers are also focusing on disruption and “derailing decision making” during attacks, he warned.
Organizations, he suggested, should act to improve their incident response and post incident response.
Although Morrison sees examples of good practice from incident response teams, businesses should aim to work more closely with law enforcement. This includes notifying the police of ransomware attacks, which are classified as crimes in progress. These can then be dealt with nationally, regionally or locally as appropriate. If possible, organizations should make contact with their local police cybercrime units before any attack, as this will give them a head start, as and when an attack does happen.
Organizations should also consider “victim care,” suggested Morrison. People involved in cyber-attacks can suffer just as much as victims of conventional crimes. “The negative impact from cybercrime is very similar to that [experienced] by the victims of conventional crime … victims are part of the response,” he said.
This was echoed by Clarke, who pointed out that smaller firms can be forced out of business by ransomware, with jobs and livelihoods lost. However, prevention also needs a change in culture, he said, with employees feeling they can report incidents. “Encourage them to come forward, and not say they might lose their job,” he said.