Is your business prepared for rising ransomware threats?

Ransomware has emerged as one of the biggest threats to organisations across all sectors. It has become so prevalent that some insurance companies are even excluding payouts for certain forms of attacks from their ransomware policies. This highlights just how commonplace the cyber onslaught has become, and underscores the pressing need for companies to take preventive measures.

The WannaCry attack in 2017 is one of the most publicised ransomware incidents in recent memory. While other ransomware attacks had occurred before this, WannaCry gained widespread attention due to its global impact and scale. In Asia, it brought disruption to countries such as Australia, China, India, Indonesia, Japan, the Philippines, South Korea, and Vietnam. Since then, the number of international incidents targeting companies, governments, institutions, and infrastructure has continued to escalate.

Cybercriminals are now taking advantage of global chaos caused by the pandemic, natural disasters, and political instability to launch more frequent, far-ranging, and damaging attacks. For instance, remote and hybrid work brought on by the pandemic has allowed them to find new entry points into organisations.

Mounting pressure

It is clear that the demands on cybersecurity professionals continue to mount. According to Mimecast’s State of Ransomware Readiness Report for 2022, as many as three-quarters of cybersecurity leaders across the globe said the number of cyberattacks against their company has increased since last year or stayed the same. In Singapore, this figure was as high as 89%.

In addition to being viewed as part of a company’s social responsibility, cybersecurity is also putting increasing pressure on senior management. Our research found that following a ransomware attack, 22% of businesses have experienced C-suite changes, while 20% have faced legal action against their company.

Meanwhile, many cybersecurity teams are contending with stress and burnout. This comes at a time when the IT industry is experiencing an ongoing talent shortage that shows no signs of abating. Ransomware attacks have taken a toll on the mental health of cybersecurity leaders worldwide, with up to 54% reporting negative impacts, including 56% in Australia. Furthermore, 56% said their role is getting more stressful every year, with this number increasing to 61% in Singapore. Mentally prepared teams are critical for preventing and mitigating cybercrime, but once an attack takes place, employees often struggle with their well-being. Consequently, many cybersecurity professionals are reaching their breaking point, with one-third thinking of leaving their role in the next two years due to stress or burnout.

Ransomware attacks can seriously harm a company’s reputation, and may lead to C-level leaders leaving. Moreover, the cost of recovering from a ransomware attack — including paying the ransom, restoring computer systems, enhancing security measures, and hiring additional staff — can be significant. This consumes a substantial portion of an enterprise’s cybersecurity budget. According to our research, there are signs that cybersecurity teams often lack the basics when it comes to attack prevention and that decision makers would need, on average, an incremental budget boost of 28% to combat ransomware alone. To make matters worse, cybersecurity leaders have trouble recruiting essential IT staff once an attack has taken place, further eroding their ability to combat incidents in the future.

Evolving threats 

The ransomware threat is constantly evolving, and every indication is that attacks are becoming more harmful each year. A growing number of attacks are taking place via compromised credentials rather than originating from endpoints alone. As a result, cybersecurity leaders have recognised the need to strengthen email security to prevent credential harvesting.

With cybersecurity leaders becoming less confident in their ability to mitigate the damage when an attack does take place, organisations are still turning to cybersecurity insurance to cover losses when attacks succeed. However, given the prevalence of breaches, insurers are limiting the coverage provided against certain types of attacks. Forty-eight percent of respondents globally (and as many as 55% in Singapore and 53% in Australia) said they were concerned that their cyber insurance will refuse to pay out for ransoms in the future.

Business preparedness and proactivity 

According to the report, 57% of cybersecurity leaders would feel personally responsible in the event of a successful ransomware attack — falling from 71% the previous year. This decrease in a feeling of responsibility is likely prompted by a sense of inevitability around breaches. As attacks increase in frequency and sophistication, leaders feel it is more likely that one will eventually succeed. Given this perception, many leaders are placing greater emphasis on mitigation than prevention through the deployment of more sophisticated tools and integrations.

For instance, email is increasingly a key vector for cyberattacks. Over half of the cybersecurity leaders (53%) have encountered a phishing email with ransomware attachments, while 43% have faced phishing emails leading to a drive-by download. As a result, two-fifths (39%) view flagging suspicious email messages with warning banners as one of the most effective measures their company can take to protect against ransomware. This approach uses AI and ML, but just 35% are investing additional budget in these technologies, while only 35% are introducing dedicated secure email gateways.

Furthermore, just under three out of 10 leaders say their preparedness for ransomware attacks is based on sharing threat intelligence across different security controls using API integrations. Many organisations appear to be missing the opportunity to use integration to gain better visibility and earlier threat detection. With the sense of inevitability over breaches, many cybersecurity decision makers consider file backup and recovery as the most critical technology for reducing the risk and damage of ransomware attacks.

Reducing the personal and business cost 

As the ransomware threat evolves and proves increasingly harmful, cybersecurity leaders should focus on improving their defensibility. Making their posture more proactive reduces the chances of a ransomware attack causing disruption. Some of the ways to reduce the personal and business cost of ransomware include:

  • Integrating security tools to improve threat detection capabilities and responses, and to alleviate pressure on busy teams
    With threat actors launching sophisticated attacks that move across networks, fragmented security systems provide limited protection. To counter this, implementing a cybersecurity mesh architecture will connect separate security tools and adapt protection to each asset in the network, thereby creating a zero-trust environment.
  • Ensuring strong fundamental security practices are in place to reduce vulnerabilities
    As employees are often targeted directly by attackers, security awareness training is vital to ensure an improved posture across the business. With email vulnerable to new attack vectors, robust, up-to-date email security solutions are also a valuable investment.
  • Evaluating business continuity planning measures to understand the real consequences of an attack
    It is important for organisations to implement the best possible disaster recovery strategies in case an attack occurs. This includes ensuring that data backups are regularly completed, and modelling attack responses to help uncover any gaps in business continuity planning.

While the situation appears to be dire, there are opportunities for businesses to evolve their cybersecurity strategies and address the challenges of complex enterprise networks, limited resources, stretched teams, and evolving threats. This means businesses must focus not only on mitigation, but also on proactive prevention to improve their threat detection capabilities and attack responses. Doing so would help them be better prepared for attacks and, ultimately, lower the personal and business cost of ransomware.