Data for Ransom: An Urgent Call to Improve Cybersecurity Measures

Over the recent 4th of July holiday weekend in the US, a cybercrime organization hacked the information technology firm Kaseya furthering the string of recent cyberattacks in the country. Consequently, this recent ransomware assault also compromised the company’s clients. Estimates between 800 and 1,500 businesses worldwide are highly likely to have been affected by the event.

Ransomware attacks are defined as when an individual or group of cybercriminals steal files, lock access to these assets, and demand payment for them to be released and not to be leaked to the public. In the case of the Kaseya hack, $70 million has been asked to be able to restore the data of all the businesses that have been compromised.

“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” said John Hammond, a cybersecurity researcher at Huntress Labs. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Primarily, Kaseya plays a key role within the internet’s ecosystem granted that they offer software tools and handle software updates for various IT outsourcing providers globally. What’s got cybersecurity experts worried, however, is not the sheer volume of victims but rather the level of planning and sophistication necessary to pull this type of operation off.

The Russian-speaking ransomware gang REvil, which has claimed responsibility for the recent hack, adopted unprecedented tactics that are much closer to a high-level scheme involving government-backed hackers. Moreover, they deployed what’s known as a zero-day which is a vulnerability in a program that software developers aren’t aware of and are unable to fix.

In this regard, President Joe Biden has ordered intelligence officials to conduct a “deep dive” to find out what happened during this particular hack. “The initial thinking was, it was not Russian government, but we’re not sure yet,” he explained.

So far, victims have been identified across 17 countries including the U.K., South Africa, Canada, Argentina, Mexico, and Spain. Hitting closer to home, Philippine organizations have also had their fair share of encounters with ransomware attacks. Based on a report published by UK-based cybersecurity firm Sophos, it was found that the country spent an average of $820,000 ( around ₱40 million) in 2020 to recover from similar hacks.

Additionally, the frequency of cyberattacks has also spiked given the drastic digital transition that the global pandemic forced upon the country. Approximately 42% of the organizations that were surveyed for the report expressed that they were hit by ransomware in 2020. This presented an increase of 12% from the 30% recorded in 2019.

Effectively, this has prompted an urge for the Philippines to bolster its cybersecurity measures and develop more experts in the field. Over the previous month, the Philippine Institute of Cyber Security Professionals (PICSPro) affirmed that the number and skill level of the country’s current cybersecurity experts remain “disproportionately inadequate” to the continued rise of these threats.

“PICSPro’s commitment is anchored on our vision, which is to advocate for the highest level of cybersecurity here in the Philippines. The best way to do that is to make cybersecurity more accessible and train professionals and hone their skills, to the point where they become globally competitive,” said PICSPro Chairman Angel Redoble.

Nonetheless, companies should definitely consider acquiring a cyber insurance policy in hopes of defending themselves from various types of hacks given the vulnerability of the current digital landscape. The prevalence of ransomware, in particular, has also surged the demand for this type of protection. However, experts caution that insurance isn’t necessarily a catch-all solution for cyberattacks.

Ultimately, it would be best for organizations to beef up their internal IT departments who serve as the first line of defense against these risks. Firms could also look to foster professional partnerships with external cybersecurity providers to help in mitigating these attacks or conduct negotiations in the event of a hack.

The Philippines was ranked 6th in the global list of countries with the most web threats recorded as of February this year under Kaspersky’s Security Network (KSN) report. It found about 44.4 million web-borne threats in computers in the Philippines. Undoubtedly, the country can and should do better in terms of cybersecurity.

In today’s world, digital data is just as valuable — if not even more so — as any other asset that organizations and individuals should safeguard. Protecting them should be a key priority for all.

References: NBC News, The Guardian, Rappler, ABS CBN, CNN PH, BusinessMirror