Mitigating growing ransomware risks

The recent ransomware attack on ForceNet, one of the external communications providers of the Australian defence department, continues to highlight the growing threat of ransomware across nations and businesses. Unlike a data breach, ransomware is a risk without discretion. Any company that requires access to critical data or faces loss or hardship in the event of business interruption is a potential ransomware victim.
Unfortunately, attacks are becoming more sophisticated and frequent. Aon’s analysis shows that ransomware attacks are up 204 per cent from before the onset of Covid-19 globally. In Singapore, according to the Cyber Security Agency of Singapore, the number of ransomware cases rose 54 per cent from 89 in 2020 to 137 in 2021.
The potential consequences of business disruption or public exposure of sensitive data include reduced revenue, harmed reputation, breached contracts, missed deadlines, failure to meet customer or client expectations, or even, in extreme healthcare provider examples – possible loss of life.
Businesses must therefore take proactive steps to prepare for and prevent ransomware attacks, such as ensuring that Incident Response (IR) Plan/Playbooks, and Business Continuity Plan (BCP)/Disaster Recovery Plans are suitable and updated. But plans collecting dust are useless; businesses must conduct simulated sessions across realistic scenarios to enhance resilience. Unpatched vulnerabilities allow attackers to compromise corporate networks, and attackers can often identify a vulnerable system with a simple scan of Internet-facing systems using widely available tools. But companies that have invested the time and resources to improve BCP and IR preparedness before a breach ultimately respond and recover more efficiently and effectively. Recently Aon assisted a large technology company to develop and test their incident response plans, including onboarding incident response partners. Because they had a robust and tested plan and pre-vetted partners to handle incident response and forensics, response teams were able to deploy on-site within 24 hours of an incident occurring.
The efficiency of knowing how the IR plan should work meant third party vendors and the client’s internal IT resources knew their respective roles and worked seamlessly to preserve evidence, interview personnel, and perform host-based analysis to determine the scope of the breach and execute the needed remediation plan. Properly configured security tools that focused on endpoint detection and response helped decrease the risk of a ransomware attack and were useful as part of incident investigation and response.
Companies must create a culture where all employees feel responsible for enterprise security. Multi-factor authentication, across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks, is necessary but insufficient. Phishing is still a leading cause of unauthorised access to a corporate network, often the entry point for ransomware attacks. Training employees not only to spot a phishing email, but also to report the email to their internal cybersecurity team, is a critical step in detecting the early stages of a ransomware attack.
Furthermore, strictly control your privileged accounts. Segment your network to reduce the spread of adversaries or malware. Have strong logging and alerting in place for better detection and evidence in the event of incident response. Also, it’s crucial to inform your technical security strategy with the latest attacks and adversary trends, as well as continuous threat intelligence monitoring in open source and on the dark web.
Additionally, businesses can consider taking a page out of the Singapore government’s initiative on creating a multi-department taskforce to counter ransomware threats. A model taskforce would include internal and third-party expertise across the disciplines of forensic incident response, legal counsel, crisis communications and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals ready to respond to an attack when it happens.
The market continues to overflow with technologies designed to secure organisations and operational checklists to guide compliance and build resilience. Yet even with all these resources, many likely feel unsure and not entirely protected. A strategic approach to cybersecurity is circular and iterative, and importantly — informed by data. Businesses should also approach managing cyber risk with insurance as they do other enterprise risks. This includes adopting a framework of continual strategy re-examination, renewal, and revision based on the evolution of the risk profile.
Ransomware preparedness usually includes appropriate cyber insurance, which manages the potential financial volatility and erosion of shareholder value. However, organisations should procure cyber insurance alongside cybersecurity and risk management practices, reviewing their incident response plans and preparedness to optimise how their coverage will indemnify financial loss, business interruption, fees and expenses associated with the ransom and response. Ultimately, a holistic response is the best hedge against ransomware.
Also, developers and operators of fossil fuel power facilities have been affected by insurance challenges as the availability of capacity for the sector has reduced.
The increasing cost of capital has led some operators of these facilities who are not in a project finance arrangement to self-insure assets. Others who are in long-term project finance arrangements, or do not have the appetite to self-insure, face less choice and rising costs in an increasingly volatile insurance sector.
Furthermore, an increase in natural catastrophes and more volatile localised weather because of climate change have hit both fossil fuel and renewable energy projects and facilities. This has led to a greater need for more holistic solutions to help bridge the protection gap.
Despite the decline in access to funding and risk mitigation, the cost to generate electricity from coal-powered plants is still relatively cheap.
Except for a few countries like China, South Korea, Singapore and Japan, the rest of Asia has been slower to implement some sort of carbon pricing policies. These involve capturing the external costs of carbon emitted and shifting it to polluters through a tax, while rewarding those who help reduce emissions.
While access to capital might not be a critical issue for renewable energy facilities, the technological change that underpins green industries is not happening fast enough to displace coal. So far, most of the growth in the region has been attributed to solar, followed by onshore and offshore wind.
The potential growth of the hydrogen economy has led to much excitement and discussion as to how this can accelerate the energy transition, though its development is slow. Japan is leading the way in its development in Asia, with China and South Korea also stepping up their pace. Green hydrogen is projected to overtake natural gas as the clean fuel of the future.
Adoption of green energy sources requires more interest in the development of hydrogen, fuel cells, carbon capture and storage and other clean technologies. While protectionism during the Covid-19 pandemic is more evident around vaccines and food, it could also apply to the raw materials needed for a green economy.
Therefore, while the costs of green technologies are gradually falling, it is hard for firms to find the resources to devote to them when they are fighting the economic consequences of a pandemic.
With Asia accounting for about half of global carbon dioxide emissions, it is central to the global green energy agenda. Successful implementation and adoption of large-scale renewable energy relies heavily on robust policies that enable an appropriate regulatory framework to attract investors, as well as increased investment and speed in developing the infrastructure needed to support a more stable and reliable grid.
Given that, champions of a green global economy will need to be patient as countries in the region work their way through a long transition.
The article first appeared in The Business Times Singapore on 17th November, 2022. Mitigating growing ransomware risks, Opinion - THE BUSINESS TIMES

Owen Belman is the CEO of Asia at Aon.
Contact us