29 Jul Paying the ransom is a terrible idea
Ian Jansen van Rensburg, lead technologist at VMware Africa.
Over one third of South African IT decision-makers (35%) are on high alert and are expecting cyber-attacks on their businesses within days.
In addition, besides expecting imminent attacks, another 31% of organisations are expecting an attack within the year. Fewer than one in five IT decision-makers in SA enterprises believe themselves safe from attack in the next two years.
So says Ian Jansen van Rensburg, senior systems engineer at VMware, citing the results of a new research study called ‘The State of Enterprise Security in South Africa 2019’, conducted by World Wide Worx in partnership with Trend Micro and VMware.
“And it’s just as well they are,” he says. “Look, for example, at what happened last week, when City Power in Johannesburg fell victim to a ransomware attack that crippled most of its systems and Web site, leaving the entity paralysed, and unable to supply services to its customers.”
City Power is not alone, he says. In the US, over 20 public-sector organisations have suffered ransomware attacks this year, including City Lake, Tallahassee and Riviera Beach in Florida, Augusta in Maine, and Albany in New York.
He says this highlights the fact that no organisation, even those with huge security budgets and the most state-of-the-art security systems in place, is safe.
“And unfortunately, with ransomware attacks, depending on the type and severity, the damage could take weeks or even months to repair, and costs for organisations in terms of system downtime and disaster recovery are so exorbitant that many choose to pay the ransom instead.
“Paying the ransom is a terrible idea,” he adds. “Not only does it encourage this type of scourge, but there is no guarantee that cyber criminals will hand over the decryption key once the ransom is paid.”
However, many companies do end up paying, to avoid the laborious recovery of data from backups, assuming these backups are current and unaffected.
The study also showed that a slim majority (57%) of businesses say they can detect evidence of a malicious breach within a few minutes. The rest said they won’t know they’ve been compromised until a few hours, or even longer after a breach has taken place.
“These organisations could be in for a nasty surprise, particularly if they are hit with ransomware, which can lock down almost every file on a user’s computer within a few hours, meaning that any response by then would be too late,” stresses Jansen van Rensburg.
These figures show that SA businesses have yet to fully grasp the nature of the threat and will end up facing huge losses thanks to ransomware.
Unfortunately, he adds, ransomware isn’t going anywhere soon, as this type of attack is highly lucrative for cyber criminals. “Although a slew of other attacks exists, attackers who are after a quick payday are turning more and more to extortion-type methods.”
Another disturbing finding was that the biggest shortcoming in cyber security preparedness is outdated software, with a staggering 77% of IT decision-makers claiming that it makes their organisations highly vulnerable.
“With ransomware claiming victims left, right and centre, organisations simply cannot afford to not keep their software up to date. Who can forget the notorious WannaCry and NotPetya attacks from 2017 that brought some of the biggest organisations around the world to their knees? Both attacks targeted outdated Windows systems,” he says.
Software and systems that are out of date can’t defend themselves from ransomware attacks. “There were thousands of computers running vulnerable systems before the WannaCry breakout, and in its wake, there are still machines out there that haven’t installed the Windows EternalBlue vulnerability patch.”
It is clear, he says, that the approach to IT security in a cloud and digital era must change rapidly and dramatically. There is a very real need for senior financial decision-makers to learn that when it comes to data protection, an ounce is worth a pound of lost data and productivity.
“The report stresses where local organisations are strong and reveals the areas of IT security that they still need to work on. Having strong information and data security solutions in place is essential, and also a cultural shift towards security awareness and collaboration across all parts of the business. No business can afford to be lax when it comes to keeping their systems and software updated, and their staff educated on basic security hygiene,” concludes Jansen van Rensburg.