With the wholesale migration towards remote work and various other forms of Covid-based disruption during the past 18 months, ransomware has flourished. Indeed, during 2020 such cyberattacks were up 150% compared to 2019, with the amount paid out in ransoms growing by 300%.
It's a trend that is set to continue into 2021, with a wide range of high-profile ransomware attacks being made against crucial infrastructure and institutions. The ransoms for attacks, such as that against Colonial Pipeline, are running into many millions, with that particular attack believed to have required a $5 million ransom to be paid to the hackers involved.
Such is the scale of the problem that recent data from Atlas VPN suggests that 34% of businesses in the UK are forced to close down after falling victim to a ransomware attack. These extreme consequences emerge due to a combination of revenue loss and brand damage. Even those companies that aren't forced to shut down still often have to shed a large number of employees as they strive to weather the storm.
Similar analysis from cyber insurance company Coalition suggests that companies large and small are under siege from cybercriminals over the past 18 months. The company utilized the Automated Scanning & Monitoring feature that is built into their platform to rate the cyber risk of the 5,000 fastest-growing companies, as determined by Inc.
These companies are spread across 45 industries and have incomes ranging from just $2 million all the way up to $8 billion behemoths.
The analysis was performed in much the same way that any external attacker would interrogate an organization, with thousands of data points collected across a wide range of criteria. These data points were then scored using the integrated risk management platform built into Coalition’s offering.
A number of key findings emerged from the research. Firstly, the risk scores for each company categorizes vulnerabilities into four graded categories, from low at the bottom through to critical at the top, with a final risk score then calculated based upon all of the scores across the various categories and exposed assets. The company believes that because of their insurance experience, they have a strong understanding of the true risk levels for a company, and two industries really stood out as having a higher than average risk profile, with one possibly expected and other not.
The last few years have seen considerable growth in cyberattacks on financial services and payment providers, so it’s perhaps no great surprise that companies in the “equity investment instruments” category fell into the critical vulnerabilities bracket, but it is somewhat more surprising that companies from the forestry and paper industry joined them. What’s more, both sectors were quite some way ahead of the rest in terms of their vulnerability to attack.
The analysis also revealed a clear outlier in terms of the risk profile of the different industries. For the purposes of the research, the only assets assessed were domains, sub-domains, and IP addresses, and organizations in the educational services sector had far more assets of this type than companies in the software sector, which was a very distant second.
In many ways this makes sense, as the sector is known for hosting a large number of domains, this nonetheless presents a significant security risk. The researchers recommend performing regular stock taking to understand what digital assets you have, especially those that are connected to the web.
It was also evident just how large a proportion of companies’ digital assets are now cloud-based.
The analysis found that most companies tend to concentrate most of their cloud-based resources in a single provider, which is usually one of Google, Microsoft, or Amazon. Companies appear to be struggling to fully understand the security exposure such practices provide them. In many ways the ease with which cloud platforms allow assets to scale is also a negative factor because this ease can make it difficult to keep track of just what assets the organization manages.
There were a number of interesting security-related differences between users of the various cloud platforms. For instance, AWS users, which were the most plentiful across the sample, would make far more use of the cloud to run their IT systems. This apparent familiarization with cloud perhaps explains why users of Microsoft 365 and Google Workspace appeared to be less secure.
For instance, a compromised business email account was the most common initial point of entry for 60% of claims made to Coalition in 2020, which itself was a 67% increase on the year before.
Users of Microsoft 365 were around three times as likely to suffer from such an event than their Gmail-using peers, however.
Perhaps the interesting question is whether all of these insights will help to drive cybersecurity to the head of the corporate agenda. Research from consulting firm PwC highlights a general awakening as to the importance of cybersecurity and argues that the sector stands at a pivotal, yet exciting time.
"No longer solely reactive — although it is that — cybersecurity has become more thoughtful and forward-thinking, with the knowledge and technologies to stop attacks before they start," they say. No longer technology-focused — although tech is very much in the picture — security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole. As a result, cyber is leveling the playing field with attackers, pushing back and fending off as never before."
Given the huge increase in the number of attacks over the past 18 months, it’s a shift that cannot come soon enough. The Coalition research reminds us that vulnerabilities are far from evenly spread across the economy, and it’s equally unlikely that security improvements will be spread equally either. It seems likely, therefore, that criminals will enjoy rich pickings for some time yet.