09:15 AM

Rising Ransomware Breaches Underscore Cybersecurity Failures

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.

Healthcare organizations are once again under attack by ransomware syndicates: Medical facilities in at least three states were hit in the past week, spurring a warning by US cyber-response organizations and underscoring the success of cybercriminals in attacking critical infrastructure for profit with impunity.

Yet, while those attacks make the headlines, they represent only a small share of the successes. Healthcare is not even in the top 10 of the most attacked industries, according to a May survey conducted by cybersecurity firm Sophos. Instead, entertainment, IT, and energy are the top 3 targets, with at least 55% of companies in those industries suffering a ransomware attack in the last year and almost three-quarters of all attacks successfully encrypting data.

The continued success of ransomware highlights the heightened stakes for businesses — and, because healthcare, local government, and other critical infrastructures are targeted, the general public — in combatting cybercrime and bad actors on the Internet.  

"We are doing all the things that we have always done for malware, but they are just not sufficient," says Greg Conti, principal consultant and co-founder of cybersecurity consultancy Kopidion. "Often it comes down to, do we have backups? If you have a hardened cloud backup or an air-gapped backup system, then you can recover. And if you are not doing those things, then you have a major problem."

The continued success of ransomware also underscores the failures of multiple stakeholders to adapt quickly enough to the increasingly dire issues of cybersecurity: companies, vendors, and governments have all failed to rein in malicious cyberattacks. The lack of consequences for the perpetrators, the relatively easy profits for cybercriminals, and the continued vulnerability of corporate networks make ransomware unlikely to go away.

"The security industry is, of course, trying to build things that people will buy but also that solve real problems," Conti says. "The threat actors are agile and they are moving fast. The big companies might be keeping up, but the small companies are not. The root of the larger cybersecurity problem is, how do you defend those under-resourced defenders in a constant game of one-upmanship?"

Worse, the cost of failure is increasingly high, with the average ransom topping $1.4 million and the average cost of recovery more than $700,000 for organizations that did not pay a ransom, according to Sophos' May survey. Local governments, small businesses, and school districts are hard-pressed to defend against the attacks, Conti says.

Ransomware is not the only cybercrime enjoying continued success. Business e-mail compromise and invoice scams continue to siphon off millions of dollars from US companies and organizations every year. Suffering from just such a scam, the Wisconsin Republican Party claims that cybercriminals modified invoices for direct mail and other services to steal $2.3 million from an account to re-elect President Donald Trump. Add to those crimes the continuing threat of nation-state espionage and disinformation attacks, and the scope of malicious online activity can easily overwhelm all but the largest companies.

No wonder, then, that a bipartisan 184-page report released by the Cyberspace Solarium Commission that focused on how the United States could defend its interests in cyberspace opened with a warning: "Our country is at risk ... ."

Mitigating that risk is expensive for every business and hard to do right, says Jason Crabtree, CEO of risk management firm QOMPLX.

"Cybersecurity, clearly, is not something that every company is going to be successful in, even if it runs a great program and has the right people and does all the right things," he says. "You could still be targeted for a variety of economic or strategic reasons and have a problem."

Companies can take steps. A well-tested backup strategy combined with good visibility into network anomalies can head off massive ransomware attacks. While only 24% of companies detected and stopped ransomware before it could encrypt data, more than half of companies that did suffer a ransomware attack were able to restore the data from backup, according to the Sophos report. 

Because of the losses due to ransomware, however, more companies are taking notice. SEC filings are increasingly citing ransomware and data-destructive attacks as a potential business risk, says Greg Baker, senior associate with consultancy Booz Allen Hamilton (BAH).

"Back five or 10 years ago, there was no engagement nor understanding of cybersecurity at the executive level. That is changing," he says. "We are seeing a lot more requests from companies to help them become more resilient because they understand the risks associated with these events."

Yet much of the progress toward a secure Internet will rely on policy and government action. The Cyberspace Solarium Commission concluded that deterrence of attacks in cyberspace is possible, but to do so requires the private sector to secure their systems, government reform, and an economy that mitigates the impacts of attacks.  

Defenders have to be able to make responses to malicious attacks personal for the attackers, says Kopidion's Conti. 

"Increasing pain for attackers — that is a government and law enforcement problem — but the question is, how much can government do when the actors are being shielded by their governments?" he says. "Inherent to the problem of cybersecurity is what can you do when you cannot punish enough of the bad actors to dissuade them from coming back."

Overall, shifting defenders' mindset will require more time, while attackers are able to quickly adopt new ways of exploiting defensive weaknesses, says BAH's Baker. Yet companies and vendors are making environments more resilient with comprehensive security testing, creating playbooks for incident response, and gaining more visibility into their environments, he says.

The shift to a proactive strategy may be what tips the balance, he says. 

"It is not just on the incident response side, either," Baker says. "We are talking about the proactive services, which I think in time will prove to be very fruitful in perhaps not limiting the number of events, but limiting the effects of those events."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

User Rank: Apprentice
11/2/2020 | 8:57:15 AM
"Healthcare is not even in the top 10 of the most attacked industries": I'm really surprised this isn't in the top 5. Any idea why?
Zohar Buber,
User Rank: Author
11/2/2020 | 6:06:19 AM
Great article