Last month, the FBI warned that ransomware attacks, like the one on the Colonial Pipeline, are a growing problem. From attacks on the Miami-Dade School District to Apple’s $50 million ransomware mess, the agency is investigating growing instances of cybercriminals wreaking havoc and confusion by holding vital services, citizen’s private information, and critical data hostage for money.
Ransomware is a highly profitable business for cybercriminals. According to the Ransomware Task Force (RTF), the cost of ransoms paid by organizations has nearly doubled in the past year. And such attacks have not just caused monetary damages; many have delayed lifesaving medical treatment, destabilized critical infrastructure, and even threatened national security.
It is no coincidence that this rise in cybercrime occurred during the pandemic. To support the sudden need for remote working, IT departments were forced to evolve to rapidly enable systems to be accessed from home, ramping up the digitization of their core applications and services outside their firewalls. Security teams pivoted to support the rapid increase in the adoption of cloud-based applications and remote work.
These unique conditions, and the return to a hybrid work environment, provided fertile ground for opportunistic cybercriminals. When combined with the increasing amount of personal information that can be found online, cybercriminals have become more deceptive and their attacks have gotten more authentic looking.
CrowdStrike identified this trend in its 2021 Global Threat Report. It concluded that the pandemic had provided “valuable subject matter” for cybercriminals, which used COVID-19 themes in their phishing attacks. The health care sector, including biopharmaceutical companies developing COVID-19 vaccines and therapeutics, has become a particular target as a result.
To Pay or Not to Pay?
Despite catastrophic damages, fewer organizations are choosing to pay ransoms as businesses lose confidence that extortionists will honor their end of the bargain. In Q3 2020, 74.8% of companies that were threatened with a data leak opted to pay, according to Coveware. In Q4 2020, that percentage declined to 59.6%.
Instead, CISOs are doubling down on precautionary measures, purchasing backup storage and cybersecurity insurance (a $7.8B market projected to reach $20.4bn by 2025) and beefing up data and privacy operations for data discovery, classification, access management, encryption and governance.
Tackling Cybercrime With AI
This particular cybersecurity issue is threatening every company globally, so the market opportunity for AI-enabled solutions that will combat the threat is massive, but so are the technical challenges to overcome. CISOs are expected to add new capabilities to their AI function over the next two years, such as hiring security strategists responsible for setting the security strategy and informing the enterprise-wide strategy.
Beyond collaborative efforts by industry and government, we are also seeing the emergence of a new breed of fast-growing startups providing innovative AI-driven and automated cybersecurity solutions that automate as many cybersecurity functions as possible, so security doesn’t slow down the company or its workforce. These solutions are helping classify company data, manage access rights, encrypt sensitive data at the right time and put governance policies in place.
In addition, companies are now able to proactively shift the potential impact of cybercrime by taking out specialist cybersecurity insurance. Earlier this year, Corvus Insurance, which offers a broker-focused approach and uses AI to predict and prevent loss due to cybercrime, raised over $100 million in series C funding in the largest cybersecurity insurance financing amount ever.
The Road Ahead
The recommendations set out by the Ransomware Task Force include a national strategy to direct nation-states away from providing safe havens to ransomware criminals; the formation of a government-led anti-ransomware campaign; the establishment of cyber response and recovery funds, and tighter regulations around the cryptocurrencies typically used for ransom payments.
This coordinated action is an essential first step, and it’s welcomed. In the private sector, enterprises should also embrace the new technologies being developed by a fast-growing cybersecurity startup ecosystem, such as AI and automation, which will be key to driving both immediate value and long-term success.