Ransomware attacks are becoming more sophisticated, while new remote workspaces have made organisations more exposed to security threats. Khalid Mashayek from VERSOS explains what to do about it.
What are the available statistics on the incidence of ransomware in the region?
In the past year, 92% of organisations reported that their organisation have seen ransomware delivered via email attachments. And nearly 30% of organisations have seen business operations impacted by ransomware. Any organisation, large or small, is the target for a ransomware attack. However, many are not ready for ransomware as they lack effective prevention, a plan for zero downtime, or a process to recover quickly.
What are the key reasons why ransomware is increasing in the region?
Ransomware is a serious threat. And there are so many types. These attacks evolve and are becoming more and more sophisticated. Indeed, it’s no longer about if, but when an attack will occur. And more importantly, how quickly organisations can recover their data and business applications from such an attack.
What are the weaknesses in an organisation’s cyber security practices that lead to successful incidents of ransomware?
Ransomware attacks are becoming more sophisticated and cybersecurity professionals are taking action. With the right tools, you can prevent, detect and respond quickly to ransomware attacks threatening your organisation. The majority of ransomware is propagated through user-initiated actions such as clicking on a malicious link in a spam e-mail or visiting a malicious or compromised website. In other instances, malware is disseminated through malvertising and drive-by downloads, which do not require user engagement for the infection to be successful.
Are there any specific types of organisations that are more targeted than others?
Yes of course, large governments and enterprise customers are more targeted than other entities for different reasons such as:
- Damage to brand and reputation
- Erosion of customer loyalty
- Theft of intellectual property
- Loss of business
- Regulatory penalties
- Impaired security for your business or governments and states
- Increased potential for future attacks
Are certain GCC and Middle East countries more targeted than others?
Yes, Saudi Arabia has witnessed series of cyberattacks in the past few years, due to its economic and political positions. Saudi Arabia was attacked by Shamoon and others.
Has the pandemic exposed organisations to more incidents of ransomware?
Yes, adopting the new remote workspaces, which become the new normal now, has made organisations more exposed for the security threats and attacks.
What are your recommendations as an expert security solution provider to mitigate ransomware?
I can summarise the recommendations and solutions as following:
- Backups are critical, using mature backup solutions such as Veritas NetBackup that allows multiple iterations of the backups to be saved, in case a copy of the backups includes encrypted or infected files. Also routinely test backups for data integrity and to ensure it is operational.
- Having an an incident response plan: what organisation supposed to do during ransomware attack.
- Keep all systems patched, including all hardware, including mobile devices, operating systems, software, and applications, including cloud locations and content management systems.
- Restrict Internet access. Use a proxy server for Internet access and consider ad-blocking software. Restrict access to common ransomware entry points, such as personal email accounts and social networking websites.