A paradox has taken shape over the last half decade: as organisations invest in Digital Transformation (DX) initiatives to be more agile, productive, and efficient, they have inadvertently created the risk of a Black Swan-like digital disruption event, such as a successful ransomware attack or a major cloud vendor outage.
The headlines for disruption often center around cyber incidents or cyber-attacks in the form of data breaches, espionage, and ransomware. The list of disruptions related to human error and multi-day cloud vendor outages also continues to grow.
There is positive momentum on deflecting these disruptions, though. Organisations that are mature in digital resilience can deflect these Black Swan events with ease. This is made possible by both developing a Digital Resilient strategy and using a Secure-by-Design decision lens that places cyber executives at the strategy table during DX discussions. Among its many benefits, this dual strategy keeps bad actors from accessing the organisation's data while ensuring that those same bad actors can't prevent the organisation from accessing its own data if a breach occurs.
Unfortunately, the research landscape shows that most organisations have a long journey ahead towards becoming Digitally Resilient. Many are simply not executing their plans, or are distracted from doing so. The good news is that there is an existing blueprint, so commitment and determination could be the only factors holding organisations back from getting it done.
Organisational Perceptions of the Threat
Resiliency is on the Agenda, yet Execution Lags
Confidence in ‘Am I Resilient?’ Eroding with Business Leaders
Yet, Cyber Executives are Cautiously Positive
The Need for Ecosystem Resiliency Maturing
Today’s Cyber Criminal is Organised, no longer the ‘Lone Hacker’
Cybercrime Continues to be an Attractive Business for Criminals
Cybercrime is a numbers game. Criminals gamble on access, and ‘hit’ the lottery about 40% of the time, though some successful incidents lead to no initial payments. Revenues from incidents can range from a few thousand up into the millions when landing a ‘big fish’ (source: 2022 Verizon Data Breach Investigation Report).
Cybercrime is a relatively low-risk, high-reward venture. Ransomware payments made in cryptocurrencies are still hard to trace and recover. Cyber syndicates often disband and reform elsewhere before getting caught by authorities.
Revenues from Cybercrime Continue to Grow
The Prime Target for the Cybercrime Syndicates
The Playbook. Cybercriminals have a playbook, complete with the ideal victim profile. The typical target is:
Organisations are facing several trends and barriers that may hinder efforts towards becoming Digital Resilient. Some factors are external and hard to control; others are self-inflicted internally through poor decision making and a failure to execute the cyber resiliency initiatives that reduce disruption risk.
Internally Produced Risks
External Risks and Trends
Cybercriminals continue to rely on human error and weak controls (process and technology) to gain access to organisations. Highly mature organisations have a multi-layered approach designed to mitigate human mistakes as they pertain to cyber incidents and disruptions. See the last section for the Digital Resilient blueprint.
IBM X-Force has found that ransomware attacks follow a pattern comprising five stages (2023 X-Force Threat Intelligence Report):
Stage 1: Initial Access
The most common access vectors for ransomware attacks continue to be phishing, vulnerability exploitation, and remote services such as remote desktop protocol.
Stage 2: Post Exploitation
Depending on the initial access vector, the second stage may involve an intermediary remote access tool (RAT) or malware prior to establishing interactive access with an offensive security tool such as Cobalt Strike or Metasploit.
Stage 3: Understand and Expand
During the third stage of the attack, attackers have consistently focused on understanding the local system and domain that they currently have access to and acquiring additional credentials to enable lateral movement.
Stage 4: Data Collection and Exfiltration
Almost every ransomware incident X-Force IR has responded to since 2019 has involved the “double extortion” tactic of data theft and ransomware. During stage 4 of the cyberattack, the focus of the ransomware operators switched primarily to identifying valuable data and exfiltrating it.
Stage 5: Ransomware Deployment
In almost every single ransomware incident X-Force IR has responded to, the ransomware operators targeted a domain controller as the distribution point for the ransomware payload.
First the good news. The percentage of those paying the ransom declined in 2022. Two reasons attributed to the decrease are:
Those that do pay often pay again when remediation plans are not completed – a sad result for something that can be such an easy fix.
Profiling Ransomware and Extortion Demands
Data Recovery Success Rates from Paying the Ransom
Over the last three years, cyber insurers have tightened their policy language to reduce their risk. Evidence of a nation-state sponsored attack is viewed as an ‘Act of War’ by some insurers and could lead to non-payment. Many insurers are insisting that a data resiliency plan be in place, with evidence of implementation, before offering coverage to an organisation.
The road to becoming Digital Resilient starts with assessing where you stand today across the core pillars: Secure by Design strategy, cyber security + resiliency, data security + resiliency, people protection and response simulation exercises.
Each organisation operates at a different maturity level. Becoming Digital Resilient starts with objectively assessing that maturity level using industry benchmarking, with the assessment providing the prioritised risk mitigation roadmap to advance towards Digital Resiliency.
TES can help. Let’s talk about what’s best for you to become Digital Resilient and realise the full benefits of Digital Transformation. We can help you at every point of your journey.
Working with you, we go ‘under the covers’ to assess and recommend a path forward to address deficiencies in your Digital Resilient posture, whether that is in cyber protection, security, resiliency or testing for survivability of an attack. Recommendations are vendor agnostic.
We regularly brief organisations on the Digital Resiliency trends, technologies and best practices that help them stay ahead of cyber criminals, avoid the disruptive effects of an outage and do so in a sustainable manner.
Design and Deploy Protection and Resiliency Solutions: the TES Digital Resilient Blueprint™ is our guide to strengthening your Digital Resilient posture with the right set of complementary technology components for your environment. Leveraging the output of the Assessment or working with you, TES will design and deploy a solution that reduces the work effort to secure and protect the organisation, ensures a seamless employee experience by reducing complexity, reduces the risk of data loss and closes the door on the Black Swan.