This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Alex Cherones, Partner at Headstorm.
How have cyber attacks evolved over the past 12 months?
Cybercriminals are continuously improving their tactics and techniques. If we use ransomware as an example, over the last year we’ve seen both the volume and sophistication of attacks more than double as ransomware has become a big business.
The average ransom when 2020 began was around $200,000 but when comparing that to today’s average of $4.4 million it’s clear how much the ransomware industry has grown. By the end of 2021, it is estimated that the total cost will reach $20 billion, which is a number that will continue to increase because 87% of companies that suffer a ransomware attack pay the ransom.
When hearing those numbers it’s a common mistake to think, “It must be immensely difficult to pull off a ransom, right?” But for $100 you could hire someone to assist you with system entry or perform an exploit on your behalf. That’s right, Ransomware-as-a-Service, just like SaaS.
What lessons can be learned from the biggest cyber attacks in recent history?
The biggest revelation is that despite attacks like those on Kaseya & Colonial Pipeline, security continues to be an afterthought in organizations if it’s a thought at all. On average, the Chief Information Security Officer is three levels removed from the CEO, which means a lack of representation in decision-making.
That separation leads to security’s relegation to a ‘check the box’ activity for administrative & compliance purposes during board meetings. But cyber should be looked at as a growth sector that is involved in every aspect of an organization including supply chain (Solarwinds), product development (Garmin), & consulting services (Accenture).
By taking preventative measures you’re mitigating the damage to your brand following an attack & ensuring business continuity by following your incident response plan. For organizations that don’t invest in prevention, the aftermath of an attack looks completely different as they are forced to deal with a lack of business continuity & ensuing lawsuits from stakeholders.
What will cyber attacks look like in the future?
In the immediate future, cyberattacks will continue to evolve, which is especially true for credential breaches with the introduction of Quantum Computing & ransomware attacks.
It is expected that as Quantum Computing becomes a reality, passwords will become easy prey for brute force attacks that are suddenly able to be performed in nanoseconds.
Ransomware is a type of attack that has constantly increased in volume & sophistication as it has evolved from single to double, triple & quadruple extortion methods each of which signifies an increase in sophistication & risk per breach.
Both the introduction of quantum computing and the continued evolution of ransomware represent a transformation to the threat landscape that demonstrates why companies need to be preparing now. Two of the best ways for organizations to prepare for the future are to adopt passwordless sign-on & zero trust practices. The best time to start implementing either is now, before your organization is reeling from a breach.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
Will your organization be breached by a cyberattack is no longer a question, which is why it’s critical that you take steps ahead of time to prevent & mitigate the impact of a potential breach.
Be proactive: Take an inventory by asking yourself these 3 critical questions…
- How quickly can you recover?
- Do you have a recent backup?
- Have you tested your backups for recovery?
And, of course, don’t click the link!
Assess your risk: You must have a clear view of what your organization’s crown jewels are and then protect those first – and they are not always readily apparent.
Plan your response: Make sure you have an incident response plan in writing so your organization has a playbook for when you do inevitably get breached & practice it often. The majority of losses resulting from a breach such as ransomware actually comes from a lack of business continuity which a practiced incident response plan can mitigate. A quick tip: Print your incident response plan to ensure you have access after a breach occurs