Without enforcement or punishment, don’t expect a drop in cyberattacks

It is estimated that up to 4% of GDP was wiped out in 2020 as a result of cyberattacks. The digital acceleration imposed on businesses under the COVID-19 pandemic must be accompanied by a national effort to secure that space, says Konfidas CEO Ram Levi

By Ram Levi

If there's one field that has flourished during the COVID-19 pandemic, it's cyber. This conclusion can be reached simply by considering the wave of ransomware attacks across the globe, a wave that did not skip Israel. The data is unequivocal: criminal organizations around the world jumped on the bandwagon of the rapid digital acceleration that was forced on businesses out of necessity, a leap that was often made without cyber protection.

In other words, the attack surface is growing. Many businesses are exposed to attacks, and the damage to the economy—though it cannot be seen—is real. The National Institute of Standards and Technology (NIST) estimates that the US lost between 0.9% and 4.1% of its GDP due to cyberattacks. In comparison, Israel's GDP in 2020 was $334 billion, and if one assumes Israel suffered the same proportional damage as the US, this amounts to a loss of between $3 billion and $13 billion per year for its economy. What share of that total is due to losses from ransomware attacks? It is unclear, but as this threat grows, so will the share it constitutes. This statistic should therefore concern all of us.

Of all the different types of attacks, ransomware attacks pose the most significant threat at the moment. Ransomware limits access to an organization's computer systems, usually by encrypting files, with decryption offered only in exchange for payment. A ransomware attack isn't a technical malfunction, but rather an attack by a malicious actor that produces the effect of a malfunction. Technical malfunctions occur very frequently, but it usually takes hours, or at most a few days, to repair them. In contrast, the average recovery time from a ransomware attack is 21 days, and the attack is characterized by a long line of costs that continues to grow long after it is over and the hackers have already moved on to their next target.

Therefore, organizations that experience ransomware attacks realize very quickly that the reputational risk that worried them so much before the attack is usually smaller than the risk of being unable to keep working afterwards, and that the loss of profits during the long downtime is significant. For this reason, many organizations tend to just "pay up and end it", and the hackers are very much aware of this consideration.

The ransomware attack industry is an organized crime industry, which is becoming more and more professionalized and sophisticated. A few dozen specialized cybercrime groups are responsible for most of the ransomware damage around the world. These groups attack a wide variety of targets, from hospitals and schools to service providers and insurance companies. The most worrisome trend is the attacks on hospitals. In 2020, 25% of the information leak incidents were a result of attacks on the health system. Some 47% of the leak cases were preceded by a ransomware attack. Leakage during such an attack occurs when an organization does not pay the ransom—and we know of quite a few health organizations that chose to pay, prioritizing human life over money.

Data provided by Coveware, a company that provides ransomware response services for insurance companies, shows that the average number of days organizations were shut down in the fourth quarter of 2020 was 21, an increase of 11% over the third quarter of the same year.

Seventy percent of the ransomware attacks in the fourth quarter of 2020 also included a threat to leak information—up 43% in comparison to the previous quarter. The average ransomware payment in the fourth quarter of 2020 was $154,108, a 34% decrease from the previous quarter, most likely because organizations are less worried about information leaks and are better able to recover in a shorter period of time. The report also shows that the median number of employees at attacked organizations was 100, a 67% increase in comparison to the first quarter of the year.

The rise in these figures is due to a number of trends.

- Double extortion: hackers leak information from the organization's network, encrypt the network and then demand a double ransom—the first for decryption, the second for not publishing the leaked materials. This was the most prominent and dangerous trend in 2020.

- Regulatory risks in exposing sensitive information or paying the ransom have become very significant, especially in light of Europe's General Data Protection Regulation (GDPR).

- The attack surface and the variety of targets have increased following the outbreak of the COVID-19 pandemic.

- More attackers. As mentioned above, the ransomware attack industry is becoming more and more professionalized and sophisticated. A few dozen specialized cybercrime groups are responsible for most of the ransomware damage around the world.

But the main reason for the increase lies in the problem of attribution, or rather in the inability to identify the attackers with certainty. Even in cases where identification is possible, it is difficult to bring the perpetrators to justice. Therefore, cyberattacks are sometimes perceived by the perpetrators as zero-cost operations. In other words, crime pays, and pays well. The absurdity is that today, those who are punished are the hacking victims, while the hackers themselves are rarely held accountable. This moral absurdity must end.

As Plato wrote in "The Ring of Gyges" (a ring that made its wearer invisible and so free to do as he pleased): "No man would keep his hands off what was not his own when he could safely take what he liked out of the market, or go into houses and lie with any one at his pleasure, or kill or release from prison whom he would, and in all respects be like a God among men." This, more or less, is the current situation on the cyber front.

For all of these reasons, 2021 must be the year of national cyber protection. It must be understood that as long as countries lack enforcement and punishment capabilities, organizations have almost no choice other than protection and insurance.

The state, and all of its authorities, must assist and direct a serious, effective national campaign to inoculate the economy against cyberattacks. The largest cyber market in the world is here, in Israel. It must be made accessible to those who need it. Tax benefits must be given to companies that invest in cyber, and large-scale workforce training must be promoted quickly. Regulatory barriers must be removed, and the sale of cyber insurance policies by cyber consultants, not only insurance agents, must be allowed. Israel can and should be the world champion of cyber protection, and the chance to do so is now.

The writer is the founder and CEO of Konfidas. 

This article is part of the “Post 2020: the new digital age after COVID-19” series. The Cybertech Global conference will take place in Dubai on April 5-7. Please join us, in person or remotely. For more information, please visit: https://cybertechconference.com