Ransomware is ‘cyber crime of choice’ now

By Leon Gettler, Talking Business

RANSOMWARE – a type of malicious software, or malware, designed to block access to a computer system or its data until a ransom is paid – has become prevalent today.

Ransomware attacks in 2024 had a significant financial impact on businesses worldwide. The average cost of a ransomware incident was reported to be around $1.85 million per attack, which includes expenses like downtime, data recovery, and operational disruptions.

According to the latest Tenable survey, ransomware now accounts for 38% of all cyberattacks. That’s 38 out of every 100.

Bob Huber, the chief security officer at Tenable, said the problem has been getting worse.

“It’s become a business,” Mr Huber told Talking Business. “The effort to start a business is usually considered a steep learning curve. For any enterprise, it takes years of effort and expertise. 

“Ransomware over the past few years has (developed) an ecosystem that allows you not to be an expert (to utilise this software to commit crimes).

“There are initial access brokers and providers and you can contract services out, so you don’t have to be an expert like myself to get into the ransomware game. You can actually contract those areas out where (a hostile actor) may not have expertise.

“So as much as I hate to say it, it’s lowered the barrier of entry to the market for most entities and organisations. It’s just not as difficult to join as it used to be.”

Ransomware targets are plentiful and poorly prepared

Part of the problem, too, is that the total number of targets continues to grow. And most of them aren’t prepared for a sophisticated attack.

“There are so many organisations that, for one reason or another, it’s not core to their business and they can’t make a commensurate investment in defending against ransomware attacks,” Mr Huber said.

“It’s not a specific investment to ransomware itself. It’s foundational cyber hygiene and if you think about organisations like charities, non-profits, they often don’t have the mandates to make the investment.

“You know, economic downturns and pandemics are risks as well, so they have to balance all those risks and determine where cyber fits into their risk (categories) and what they’re willing to accept.”

Mr Huber said as a minimal investment, organisations should have courses in cyber education for their executives and others in the organisation who work in the IT space.

“The biggest bang for the buck is that those are the folks who are great targets,” Mr Huber said.

Working outside offices adds vulnerability

The other major problem is that ransomware attacks have increased with the proliferation of people working from home, or from a café, where there aren’t the same security controls as an office system.

Mr Huber said this was part of “an industrial revolution” that has put cybercrime front and centre for every business.

“Even in my own teams, there’s a lot of focus on zero-day attacks never before seen,” he said. [A zero-day attack exploits a previously unknown vulnerability in software, firmware, or hardware before the vendor has a patch available, leaving systems vulnerable to immediate attack. – Google AI summary]

Mr Huber said that while some nation states do engage in ransomware, it was more usually carried out by cyber criminals.

“It’s just the evolution of what they’ve always done,” he said.

“It’s the same cast of characters we’ve always had. It’s just that the means have changed and improved.

“Now they’ve taken it a step further: ‘I will encrypt your files, and if you pay me I will give your access back and, in addition, I’m going to disclose sensitive information’.” 

www.tenable.com

www.leongettler.com


Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness

https://shows.acast.com/talkingbusiness/episodes/talking-business-5-interview-with-bob-huber-from-tenable
