Phish, smish and pay: The high cost of security failure

The cost of a security breach can run into the millions, which makes it increasingly important for companies to invest in a resilient security architecture bolstered by expertise, insurance and software.

Johannesburg, 11 Jun 2024
Companies must make protection a priority.
Companies must make protection a priority.

Organisations want solutions that mitigate the growing security threat and elevate their security posture. They need a layered and intelligent approach to security capable of withstanding the threats. And there are a significant number of threats. In 2023, more than 72% of companies experienced a ransomware attack, 61% were breached and bots and human fraud farms were behind billions of attacks made throughout the year.

E-mails are increasingly malicious, automated attacks are increasing in scale and ability, and crypto-ransomware is becoming more successful as cyber criminals slice through security systems by taking advantage of vulnerabilities, human error and zero-day faults. It is, says Richard Frost, Head of Consulting at Armata, essential that companies make protection a priority.

“There are several clear stages to a crypto-ransomware attack,” he explains. “There's the delivery mechanism, which is normally a phishing e-mail or perhaps even an SMS followed by installation on your machine, then communication with the command-and-control server that allows the ransomware access to the system, then encryption of the entire system, finally followed by extortion demands. It is at this point companies are faced with an expensive decision – pay or leave.”

This is the inflection point for the organisation. Do you pay the hefty fine or do you run the risk of losing critical data? Unfortunately, there’s no real winning in this situation. The hackers leave the malware hidden within your system and simply re-encrypt your business six months later, starting the whole process again.

“Paying the ransom is risky, not paying the ransom is risky – ultimately, you want to build a security posture that prevents this from happening entirely, or at least puts solid risk mitigation strategies in place,” says Frost. “The latter is critical. There’s been an upward trend in compromised business e-mails, impersonations and phishing because the attacks are becoming more believable and people are making mistakes that are costing companies millions.”

The human firewall remains the biggest vulnerability. People click on links because they’re distracted, tired or badly trained. They don’t recognise that the Post Office scam SMS is just that, a scam. Or that the e-mail sent from their manager is a fake. They’re in a rush, they’re tired, they’re busy… they click. The goal is to create a resilient security posture that takes all these factors into account.

“Start off with user awareness training and balance it with an e-mail security solution capable of catching most phishing and spam e-mails – this two-pronged approach immediately reduces the threat,” says Frost. “Then, invest in a next-generation endpoint detection response (EDR) tool capable of not just detecting ransomware, but destroying it so it can’t sneak in through the back door.”

These tools should be further bolstered by a clearly defined strategy that outlines what should happen after a successful attack. Has the ransomware been detected? How can the business restore the data? Is there a backup – do you have a tool that constantly archives your backups? Have you invested in cyber insurance or a cyber warranty? Resilience is more than protecting against an attack, it is knowing precisely how your organisation will respond so you can minimise the costs and the damage.

“If you stop ransomware before it installs, it’s quick and easy to restore your systems and won’t cost you too much,” says Frost. “If you stop it after installation, the price tag will depend on how far down the line it goes – it can be anything from R1 to R10 million. This is where investing in cyber insurance or a cyber warranty pays off. Not only will this offset a significant chunk of your costs, but your provider can step in and handle ransom payment demands and processes on your behalf if you choose to pay.”

It's worth investing in cyber insurance solutions that come bundled with security packages designed to handle every part of your company’s protection. A managed security services company will have trained forensics professionals with the expertise required to manage a critical situation, reducing its impact by building a firewall around the malware, establishing restore points or rolling back the system. When combined with insurance, expertise and a deep knowledge of your business, managed security services can effectively deliver a high level of protection that will give you peace of mind.

“No solution is perfect, but a combination of different tactics, solutions and user awareness training programmes will take your security very close to that 100% protection you need,” concludes Frost. “And it will take away the sting of an unexpected attack when you have a team of security experts ensuring your data is secure and your bottom line isn’t decimated.”

Share