With cyber attackers now more advanced and better than ever at extracting ransoms from victims, organisations are being urged to war game their initial responses, but not to rule out paying ransoms.
“We simulate a ransomware attack, and we see how the leaders behave,” says Massimo Peselli, the chief revenue officer and a senior vice president at Verizon, which offers cybersecurity services to enterprise clients.
“We put them in the room and we say, ‘Now, this is happening. This is your systems being compromised. These are the operations that you will not be able to perform in 48 hours’. What do you do?”
The exercise is designed to simulate the high pressure ransomware attacks where compromised data or system controls are used as a threat to the organisation. Executives are left with a choice, Mr Peselli said: “Hold the line or agree to pay and then call the authorities to help recover the money.”
Attackers will often breach a system and issue demands on a Friday afternoon, with a threat to shut down systems or release data if a ransom isn’t paid by Monday, according to Mr Peselli.
In a recent wargaming for a data breach, the pressure became too much for one company. “One executive left the room, saying ‘I can’t take it’,” Mr Peselli told InnovationAus.com.
As Optus, Medibank and Lattitude have recently found out, the stakes are high and the pressure to respond is real. In each breach, some data of millions of Australians was stolen.
In anticipation of more dangerous breaches, including to critical infrastructure, Cybersecurity minister Clare O’Neil has summoned Australia’s biggest banks to similar war-gaming exercises.
“Consider what damage could be caused if attackers intentionally try to degrade trust in a major system we depend on like telecommunications or banking,” she said in April.
“We need to plan for utilities to go down, for hospital systems to be under attack.”
A discussion paper released this year by the Australian government to kickstart consultations on new national cybersecurity strategy floats a prohibition on ransomware payments.
Around one in four cyber-attacks now involve ransomware, according to Verizon’s latest data breach report, which analysed over 5000 data breaches in the last year.
But a blanket ban would not be effective, according to Mr Peselli.
“It’s easy to say [don’t pay] when you’re not the one under attack, but when you are under attack, it depends,” he said.
Many ransomware victims are choosing to pay up. According to Verizon’s latest data breach report, ransomware attacks levelled off this year after a record jump in 2022.
But attackers got better at extracting ransoms – double the money was extracted this year from a similar amount of attacks, according to Verizon’s report.
It is a much more sophisticated industry now with attacks almost exclusively motivated by financial gain.
“Before, sometimes it was just some kids that wanted to show that they could breach someone else’s system and now it’s all financially driven,” Mr Peselli said.
“So the bad guys have become more and more smart on that, and I think they develop this intelligence faster than some of the companies that need to defend the data.”
Better cyber security for businesses is a particular challenge in Australia where SMEs dominate the market. This makes the government’s role in building awareness and encouraging basic cyber hygiene critical, according to Mr Peselli.
“74 per cent of the breaches are created by humans. And we’ve seen again, an increase in social engineering, in phishing — driving people to click on something or pretending to be someone else to gather information,” he said.
In last month’s Budget, the Albanese government allocated a $23 million grant for Australia’s small business council to train up to 60,000 cyber wardens over the next three years.
It was the second largest cyber commitment in the Budget, trailing only the $46.5 million commitment for a national cybersecurity office which will coordinate responses to incidents.
The author travelled to the opening of Verizon’s London Hub for innovation as a guest of the company.
Do you know more? Contact James Riley via Email.