Over the past year, security companies have witnessed the massive impact that ransomware attacks like SolarWinds and Kaseya have had on businesses. As businesses play catch up to the tactics used by hackers to deploy malware, even more sophisticated approaches are unleashed. As we prepare for 2022, ransomware is one thing it’s safe to say is here to stay. Here’s what companies need to consider as they evaluate their cyber hygiene and prepare for 2022:
Expect Ransomware Attacks to Double, if Not Triple
Next year will likely bring double, if not triple, the number of ransomware incidents we saw in 2021. Hackers have seen success from ransom payments – and the number of companies willing to pay is growing. At the micro level, companies know they lack the resources to reclaim their systems on their own in a timely manner, which leaves them with little to no choice in terms of opening up their wallets to attackers. But if we consider the macro level, paying ransomware exacerbates and accelerates the problem by incentivizing and equipping more numerous, skillful attacks. A growing number of companies are paying; at Kudelski Security we see more and more clients who are paying. Until the incentive structure at the micro level vs. macro level align, we will remain in this ransomware conundrum.
Ransomware is now far beyond a security concern; companies are finding themselves in ethical dilemmas surrounding whether or not they can – or should – pay a ransom. The reality is this: the organization cannot identify who they pay to remove the malware from their systems. Eventually, some company is going to be linked to paying a terrorist, which will refocus the debate on regulation.
Supply Chain Disruptions are Far from Over
Between the proven case that more companies than ever are paying ransomware and the slew of supply chain compromises we can expect to still see well into 2022, a vicious cycle is brewing.
The supply chain has been plastered all over the news the last few months in terms of delayed shipping and worries about out-of-stock items ahead of the holiday season. Beyond these inconveniences, the supply chain – including critical infrastructure like oil pipelines – faces the dangers of ransomware attacks due to the chain-like reaction that it has on companies and their partners. In these breaches, far more companies are impacted than the first to be hit or the even the overall intended victim. These more sophisticated attackers can target multiple companies at a time, disrupting each one’s system as they move through the partner companies along the chain.
Moving forward, we can expect to see more and more companies within a supply chain fall victim to ransomware attacks. We’re also likely to see attackers go after managed security providers and law firms, which enables them to attack the hundreds of clients they’re serving at the same time.
The Top Ransomware Targets
Cybersecurity, and the tools that are associated with it, are often perceived as extremely expensive. Small and medium sized businesses are massively exposed to ransomware given their lack of protection and how underserved they are by the security community.
Medical ecosystems will also continue to be a top target. The medical industry drives deeper pressure surrounding the amount of time a company must deliberate on paying the ransom or attempting to remedy the situation on their own. Concerns about physical safety will drive more healthcare organizations to make ransomware payments, which in turn, will drive more attacks.
Further, attacks are unlikely to carried out on actual medical systems or devices but will continue to be straightforward, IT-focused attacks. In general, attackers will continue to target billing systems, patient records and ERPs because attacking the enterprise systems is sufficient to accomplish their objectives. If a hospital’s billing and/or patient system is down, it effectively shuts down the hospital, making IT systems in healthcare a primary target for the foreseeable future.
How to Mitigate Ransomware Attacks
Over the next year, with so much increased incentive for ransomware attacks, now is the time for companies to equip themselves with the proper tools and training to set their employees, customers and company partners up for success. Rather than focusing solely on their ransomware backup strategy, companies should use their resources to evaluate their cyber hygiene and endpoint detection and response strategies. It is crucial to fixate on the root causes, not just the symptoms of the overall problem.