Cyber security threats take a wide range of unpleasant forms, from the classic phishing attack by email, to malicious worms, Trojans, computer viruses, and spyware, to innovative data stealing techniques such as SQL injections and man in the middle (MiTM) attacks. Of these, one of the most persistent and underestimated threats by businesses is ransomware.
Ransomware is a malware attack that involves a hacker locking the victim’s computer system files, typically through encryption, and demanding payment to decrypt and unlock them. The threat of ransomware is underestimated due to the growing dependence of businesses on cloud storage solutions. Many businesses that use cloud storage presume that data security is completely handled by the vendor, and that they are immune to ransomware. Unfortunately, this isn’t entirely true. Although cloud storage does provide an additional layer of protection by allowing you to restore your files from a backup version, it isn’t a foolproof solution to the issue of data crime.
Ransomware can still infect files stored on a cloud storage service if the service is mapped as a network drive on your computer, or if an infected system has an open Internet connection with the cloud storage. If the ransomware program is then able to infect local files and these files are automatically synced to your cloud storage, then the cloud versions could also become encrypted! Some sophisticated ransomware programs are even coded to seek out and encrypt any accessible backups, including connected external drives, network storage, and potentially even cloud backup or nonlocal storage facilities.
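The sync-propagation risk described above, as an added illustration (not code from the original article and not any vendor's product): a cloud-side store that retains every synced version of a file can hand back the last clean copy, whereas a mirror-only sync simply inherits whatever the local client pushes. The file names, timestamps and the crude "many paths rewritten in a short window" signal are constructed for the example.

```python
from collections import defaultdict


class VersionedCloudStore:
    """Cloud-side store that retains every synced version of each path.

    Constructed for this example. A mirror-only sync would keep just the
    newest version and so inherit an encrypted local copy with no way back.
    """

    def __init__(self):
        self.history = defaultdict(list)   # path -> [(timestamp, content)]

    def sync(self, path, content, ts):
        """Record what the sync client pushed; older versions are never discarded."""
        self.history[path].append((ts, content))

    def current(self, path):
        return self.history[path][-1][1]

    def restore_before(self, path, ts):
        """Newest version synced strictly before ts, or None if there is none."""
        older = [c for t, c in self.history[path] if t < ts]
        return older[-1] if older else None

    def change_burst(self, window, threshold):
        """Earliest timestamp at which at least `threshold` distinct paths were
        rewritten within `window` seconds, or None.  A crude signal that a mass
        rewrite of a whole folder reached the store through the sync client."""
        rewrites = sorted((t, p) for p, h in self.history.items() for t, _ in h[1:])
        for t0, _ in rewrites:
            paths = {p for t, p in rewrites if t0 <= t < t0 + window}
            if len(paths) >= threshold:
                return t0
        return None


def scenario():
    """Clean sync, then a mass rewrite; return where it was spotted and what
    the versioned store can hand back from before that point."""
    store = VersionedCloudStore()
    docs = {                                  # constructed sample documents
        "contracts/a.docx": b"contract A",
        "finance/q3.xlsx": b"q3 figures",
        "hr/list.csv": b"staff",
    }
    for path, content in docs.items():
        store.sync(path, content, ts=100)      # initial clean sync
    # The local copies are rewritten with opaque content and the sync client
    # dutifully pushes each one to the cloud a second later.
    for i, path in enumerate(docs):
        store.sync(path, b"\x00opaque", ts=500 + i)

    burst = store.change_burst(window=10, threshold=3)
    recovered = {p: store.restore_before(p, burst) for p in docs}
    return {
        "burst_at": burst,
        "current": store.current("hr/list.csv"),   # what a mirror would now hold
        "recovered": recovered,                     # what versioning gets back
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The point of `restore_before` is that the restore is keyed to the moment the mass rewrite began, not to "the newest copy", which is exactly the copy a mirror-only sync has already lost. Retention length and the burst threshold are tuning decisions for the real service, not values this example can prescribe.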
Hackers have been fast to capitalise on the data complacency brought about by cloud storage solutions, and the widespread overestimation of their security credentials by businesses. Hackers have also been encouraged, unfortunately, by a growing trend among victims to cave in to ransom demands. In 2023, a global average of 73% of ransomware victims decided to pay a ransom to recover data, a worryingly large increase from 49.4% in 2018.
Cybercriminals are also well aware that a growing number of businesses have cyber security insurance and disaster recovery plans in place, which often cover the cost of the ransom and make it more tempting to simply pay up and get on with their lives.
And if a business refuses to pay up?
Well, many of these cybercrime syndicates are not without teeth and are not afraid to bite. In November 2023, a global cycling component manufacturer, Shimano, fell victim to a ransomware attack that encrypted a staggering 4.5 TB of sensitive data, including confidential employee details, financial documents, customer details, product specifications, contracts, and legal documents.
Following established best practices, Shimano refused to pay (the ransom deadline was 5th November 2023), after which the crime syndicate that had launched the attack declared that “all available data had been published”. Where the group, which calls itself ‘LockBit’ and is apparently one of the world’s most active ransomware gangs, published or intends to publish this data is unknown, but presumably a darknet marketplace.
It goes without saying that a similar leak for a UK company could have a devastating reputational and legal impact. Regardless of whether the data was backed up, a leak of this nature would be in direct breach of Data Protection/GDPR standards and could lead to an ICO investigation and fines, as well as potentially irreparable brand damage.
Does this mean that businesses are better off paying ransom demands rather than risking the consequences?
Of course not. Submitting to a demand only encourages cyber criminals and perpetuates the problem for other businesses. In the circumstances, Shimano probably did the right thing.
However, the incident starkly highlights that the focus of cyber security should be on prevention, not cure, and that traditional antivirus measures and firewalls are no longer adequate to guard against extremely sophisticated and organised ransomware gangs.
Secure by design is a concept in cyber security in which systems and software are designed to be secure from the ground up, by building detailed security protocols into every part of the system design, rather than adding security on as an afterthought or only in specific areas (as with antivirus software or most firewalls).
Some of the principles of secure by design include fail-safe defaults, in which the default access level to a resource is zero access (e.g. a firewall that denies all traffic unless specifically allowed); ‘complete mediation’, in which every access to a resource is checked for authority, each time; and ‘separation of privilege’, in which a protection mechanism requires two or more keys to unlock it, reducing the risk that a hacker could gain unauthorised access to a resource through a shared mechanism or a single access key.
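The three principles above, as an added worked example rather than code from the original article: a small reference monitor that denies anything not explicitly allowed (fail-safe default), is consulted on every single call with no cached decisions (complete mediation), and refuses a backup purge unless a second, distinct principal with approval rights co-signs it (separation of privilege). The policy table, principals and the `backup:daily` resource are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Approval:
    """A co-signature for a two-person action (constructed for this example)."""
    approver: str
    action: str
    resource: str


class ResourceGuard:
    """Reference monitor: every operation on a resource goes through check().

    policy maps (principal, action, resource) -> True.  Anything not listed is
    denied (fail-safe default).  Actions in two_person additionally need a
    co-signer who holds the 'approve' right on the same resource.
    """

    def __init__(self, policy, two_person_actions=()):
        self.policy = dict(policy)
        self.two_person = frozenset(two_person_actions)
        self.audit = []            # (principal, action, resource, decision)

    def check(self, principal, action, resource, approvals=()):
        # Fail-safe default: a missing rule yields False, never an implicit allow.
        allowed = self.policy.get((principal, action, resource), False)
        if allowed and action in self.two_person:
            co_signers = {
                a.approver for a in approvals
                if a.action == action and a.resource == resource
                and a.approver != principal                      # self-approval is not a second key
                and self.policy.get((a.approver, "approve", resource), False)
            }
            allowed = bool(co_signers)
        self.audit.append((principal, action, resource, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{principal} may not {action} {resource}")


class BackupStore:
    """Snapshot store whose methods never touch data before the guard has ruled."""

    def __init__(self, guard):
        self.guard = guard
        self.snapshots = {"backup:daily": ["snap-1", "snap-2"]}   # constructed sample data

    def read(self, principal, name):
        self.guard.check(principal, "read", name)          # complete mediation: every call
        return list(self.snapshots[name])

    def purge(self, principal, name, approvals=()):
        self.guard.check(principal, "purge", name, approvals)
        self.snapshots[name] = []
        return True


def demo():
    """Run the scenarios and return each outcome in a dict."""
    policy = {
        ("alice", "read", "backup:daily"): True,
        ("alice", "purge", "backup:daily"): True,
        ("bob", "approve", "backup:daily"): True,
    }
    guard = ResourceGuard(policy, two_person_actions={"purge"})
    store = BackupStore(guard)
    out = {}

    def attempt(label, fn):
        try:
            fn()
            out[label] = "allow"
        except PermissionError:
            out[label] = "deny"

    out["alice_read"] = store.read("alice", "backup:daily")
    attempt("mallory_read", lambda: store.read("mallory", "backup:daily"))      # no rule at all
    attempt("solo_purge", lambda: store.purge("alice", "backup:daily"))          # one key only
    attempt("self_approved_purge", lambda: store.purge(
        "alice", "backup:daily", [Approval("alice", "purge", "backup:daily")]))

    # Complete mediation: a revoked right bites on the very next call because
    # the earlier allow decision was never cached.
    del guard.policy[("alice", "read", "backup:daily")]
    attempt("alice_read_after_revoke", lambda: store.read("alice", "backup:daily"))

    # With bob's co-signature the purge goes ahead.
    store.purge("alice", "backup:daily", [Approval("bob", "purge", "backup:daily")])
    out["cosigned_purge"] = store.snapshots["backup:daily"]
    out["denials_logged"] = sum(1 for e in guard.audit if e[3] == "deny")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the guard is the only path to the data and records every decision, so the audit trail itself becomes evidence if someone starts probing for access they do not hold; the four denials in the scenario are exactly the events an operations team would want to see.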
By working these principles into every network device and system, software developers and IT security specialists can develop bespoke systems that are inherently less vulnerable to external security breaches. In contrast to traditional cyber security strategies, secure by design is a proactive approach, aiming to minimise or eliminate the risk of security issues and damaging data breaches from the outset.
To find out more about secure by design and how you can help safeguard your business and customers from ransomware and other security threats in 2024, please contact TMB today.
Image Source: Canva