We live in uncertain times. Our media is awash with tragic images and news from the conflict in Ukraine, and war has taken on a new facet in cyberspace.

The only certainty is that opportunists on both sides and those of neutral disposition will take advantage of the chaos to leverage cyberattacks. Whether it be nation-state driven, politically motivated hacktivists or financially driven cybercriminal gangs, the fact is your organisation is under increasing threat.

Every year, Sophos commissions an independent survey of IT administrators to gauge the state of cybersecurity and the threat landscape. So, what can we learn from 2021 and how can we use this information to be better protected during 2022?

Let’s begin with the headline stat. During 2021, 37 per cent of the 5,400 organisations we interviewed were hit by ransomware at least once. The average number of incidents in these organisations was three events, and in the worst case, a particularly unfortunate victim was hit 16 times in total; that is more than one outbreak per month.

Concerningly, most organisations had up-to-date cybersecurity measures in place. What happens if you are the victim of an attack of this nature? In 54 per cent of cases some or all of the target data was successfully encrypted by the criminals, rendering the information inaccessible to the victim without payment.

Moral and ethical arguments aside, paying up is probably not the best strategy, since you are unlikely to get all of your data back. Statistics tell us that on average, 65 per cent is restored following payment.

A user might choose instead to turn to their backups, but these take time to recover and may not be complete. Whichever way you slice it, getting hit is expensive, with the overall cost of ransomware, including downtime, lost opportunity and reputational damage, now estimated to top £1.4 million, more than double the cost last year.

Sadly, there is no silver-bullet solution to the challenges of ransomware, particularly as tools that allow non-technical individuals to launch attacks are now prevalent (so-called ransomware-as-a-service).

First and foremost, an organisation’s cybersecurity strategy should begin with the assumption that they will be hit at some point.

Teaching your users to recognise the tell-tale signs of phishing and other malicious messages pays dividends here because, if users don’t interact with the malware in the first place, often the attack cannot take root.

Interestingly, as technology gets better at protecting the cyber estate, the user becomes the softer target, leading to a rise in social engineering elements within attacks.

A good backup strategy is also paramount, so that a successful restoration is a better option than relying on the honesty of the perpetrator.

The final tip for the future is to take an honest look at your own ability to detect and respond to a cyber incident, and look to external help to plug the gaps. For example, if you are unable to operate a security operations centre 24 hours a day, 365 days a year, you are already on the back foot, since the criminals never rest and often intentionally time their attacks to land out-of-hours.

You also need access to human beings who can analyse the streams of telemetry coming from your IT estate and hunt for the tell-tale indicators of compromise, like the proverbial needle in the haystack.

This is particularly critical now, since the cyber gangs often bury their attacks within, and hide behind, legitimate services and IT tools, meaning technology alone isn’t enough to tell the difference.

Running a security operations centre of this calibre yourself may well be financially out of reach, but fortunately Sophos is on hand with our managed threat response service, placing world-class cybersecurity protection and personnel firmly within reach of organisations of all sizes.


Partner Content in association with Sophos