Organisations are confronted with the increasingly difficult task of safeguarding their expanded digital estate against rising cyber threats.
Previously, firms implemented security processes based on the physical network boundary, which was limited to their official premises. Following the outbreak of the Covid-19 pandemic, they adopted remote work strategies, which increased their digital real estate and exposed them beyond their physical networks.
Attackers now have a larger surface on which to deploy actions that jeopardise the processes of safeguarding sensitive resources such as data, systems, networks, applications, and even Internet of Things (IoT) environments.
Ransomware, a type of malware that infects files and folders and prevents them from being accessed, is one of the most rapidly growing types of attacks on this newly exposed digital real estate. The attackers will frequently demand a ransom (hence the name) from their victims in exchange for a decryption key.
Ransomware attacks increased from 37 per cent in 2020 to 66 per cent in 2021, according to the 2022 Sophos State of Ransomware report. More than one-third of the 5,600 organisations polled in the study reported being the target of an attack, with 54 per cent having their files encrypted.
Despite paying a ransom of $812,360 on average, only 61 per cent of encrypted data was recovered. However, by 2021, more organisations had recovered their data following an encryption attack by having backups that were not visible to the attackers. This demonstrates that, even in the case of ransomware, prevention is always preferable to cure.
As businesses expand their digital footprint, they must consider the security of their IoT and Operational Technology environments. They must consider the security of both the devices connected to each other via IoT and the hardware and software points that control and monitor the physical devices within their operational spaces.
The drive for better cyber security should begin with hiring the right people for the job. Unfortunately, organisations are rapidly expanding their digital real estate, which is increasing demand for cyber security professionals and creating a skills gap.
But the potential risk to everything from operational safety to sensitive data is far too great. Therefore, organisations must prioritise prevention over cure.