NewsBite

Time to stop a ransomware attack has come down from months to a matter of days

IBM’s X-Force cybersecurity watchdog says the time available to stop a ransomware attack is down to a matter of days.


The time available to thwart ransomware attacks has shrunk from months to days as the number of attacks on supply chain and manufacturing businesses in the Asia-Pacific region has skyrocketed, according to IBM’s cybersecurity watchdog.

Charles Henderson, head of IBM’s X-Force, which also sells cyber protection services, said the average time for criminal gangs to deploy ransomware once they had breached a business’s defences had fallen to four days, compared with two months two years ago.

“We have far less time to detect an attack and respond before the organised criminals accomplish their goals,” he said, noting gangs were increasingly seeking to extort money from “organisations already stretched thin by the pandemic and therefore more likely to pay”.

“The complexity of the attacks is going through the roof (so much so that) we are encouraging customers and the world at large not to focus on securing their perimeter anymore but to focus on detection and response,” he said, speaking to journalists at IBM’s X-Force Command Centre in Cambridge, Massachusetts.

The first meeting of the International Counter Ransomware Taskforce, a body launched in November last year charged with disrupting, combating and defending against the ransomware threat, took place in Australia last month.

Home Affairs Minister Clare O’Neil said in a statement: “Recent cyber incidents in Australia and around the globe are a stark reminder of the insidious nature of ransomware, and the ability of cyber criminals to cause widespread disruption and harm to broad sections of the community.”

Paying to end a ransomware attack increases the likelihood a company will be hit again.

A series of high-profile attacks — on Channel 9, the Colonial Pipeline in the US, and global meat processor JBS, which paid an $11 million ransom — have drawn attention to the growing potential for cyber criminals to cause major economic damage.

An online platform used by the defence department, ForceNet, was subjected to a ransomware attack in October last year, one of more than 4000 attacks reported outside the US in the past 18 months, according to US officials.

Mr Henderson said IBM never encouraged businesses to pay the ransom.

“By paying, you’re just financing your next big problem (and it) doesn’t mean it’s going to go away; many organisations that do pay likely end up compromised again in the next four months,” Mr Henderson said.

The average cost of a breach to businesses had increased 13 per cent over the year to March 2022 to $US4.5 million, and 60 per cent of injured firms had to increase their prices as a result, according to IBM’s 2022 Cost of a Data Breach Report.

“Because of the growing complexity of the breaches and a growing skills shortage, none of the levers that determine the cost of a breach are working in businesses’ favour,” Mr Henderson said, adding that “long hours of work” were driving skilled workers out of cybersecurity.

IBM senior security architect Jennifer Szkatulski said more than 13,000 businesses since 2016 had availed themselves of IBM’s X-Force Cyber Range training centre, to war game how to respond to attacks, and that future bookings had “increased exponentially”.

Adam Creighton travelled to IBM X-Force Command Centre in Cambridge, Massachusetts courtesy of IBM.

Adam Creighton, Washington Correspondent

Adam Creighton is an award-winning journalist with a special interest in tax and financial policy. He was a Journalist in Residence at the University of Chicago’s Booth School of Business in 2019. He’s written for The Economist and The Wall Street Journal from London and Washington DC, and authored book chapters on superannuation for Oxford University Press. He started his career at the Reserve Bank of Australia and the Australian Prudential Regulation Authority. He holds a Bachelor of Economics with First Class Honours from the University of New South Wales, and Master of Philosophy in Economics from Balliol College, Oxford, where he was a Commonwealth Scholar.


Original URL: https://www.theaustralian.com.au/business/technology/time-to-stop-a-ransomware-attack-has-come-down-from-months-to-a-matter-of-days/news-story/13260f6e3c21f683e70a4fece0345459