Exclusive: The rising cost of cybercrime

Victims in the UAE lose US$746 million a year to cybercrime. If cybercrime organisations could be listed on the stock exchange, a new multibillion-dollar industry would emerge. IT and network professionals in a variety of industries have confronted the unexpected challenge of facilitating remote and hybrid working environments over the last two years. As a result, significant changes in remote access architectures and cloud-delivered services were required.

This resulted in a rise in the use of software-as-a-service (SaaS) models in many cases – and, of course, these significant changes have increased cybersecurity risks. Cyber-attackers are taking advantage of changes in business connectivity and devising novel ways to exploit security flaws.

Global cybercrime costs are expected to rise 15% annually over the next five years, reaching US$10.5 trillion by 2025, according to a report by Cybersecurity Ventures. The Middle East has seen an increase in cyberattacks in recent months, including phishing, scams, data breaches and ransomware. The ramifications for businesses ranged from the loss of critical data to financial losses. According to a study conducted by the Ponemon Institute and IBM Security in 2020, the cost of a data breach in Saudi Arabia and the United Arab Emirates increased by 9.4%. In comparison to the global average of US$3.86 million per breach, these attacks cost companies on average US$6.53 million per breach.

Understanding the financial threat to organisations 

Ransomware is just one of many methods used by cybercriminals. To increase the pressure, threat actors employ distributed denial-of-service (DDoS) attacks. DDoS extortion (also known as ransom DDoS) attacks, for example, threaten individuals or organisations with a DDoS attack unless they pay an extortion demand. Last year’s Lazarus Bear Armada (LBA) DDoS extortion campaign used a variety of vectors and methods to target thousands of businesses across a wide range of industries. DDoS extortion attacks grew by a staggering 125% in 2020, according to data from NETSCOUT’s 16th annual Worldwide Infrastructure Security Report (WISR).

To cause even more havoc, triple extortion attacks combine file encryption, data theft and DDoS attacks. SunCrypt and Ragnar Locker, two ransomware gangs, were among the first to use this method. Today, it is distributed through well-organised business models such as ransomware-as-a-service, affiliations and support centres.

Many victims of these attacks are tempted to pay the ransom, if only to try to limit the damage caused by the prolonged shutdown. This is one of the reasons why cyber insurance has become such a popular option for businesses looking to cover the costs of a cyberattack.

Investing in security is critical

With the rising cost and complexity of cyber insurance, it’s clear that simply protecting against cyberattacks isn’t enough. In fact, according to a recent Accenture report, as the cyber insurance market matures, underwriters will have access to a wealth of data that will help them weed out the high-risk companies that don’t practice good cyber hygiene. These insurers will increasingly reward companies that can demonstrate strong cybersecurity best practices, such as the ones listed below:

• Keeping the network breach at bay. Users should be educated on proper cybersecurity hygiene and network and endpoint cybersecurity protection solutions should be used to detect malware, anomalous activity, or indicators of compromise, according to best practices (IoCs).

• Paying attention to the fundamentals. Back up important data and put data-restoration plans to the test. To avoid compromise, conduct vulnerability assessments and patch and update computer systems as needed.

• Continuous threat intelligence deployment. Keeping up with the latest threat intelligence allows businesses to detect, investigate, or proactively hunt for indicators of compromise (IoCs) that could lead to a ransomware attack.

• Using effective DDoS protection. DDoS attacks are becoming larger, more frequent and more complex. A hybrid, intelligent combination of cloud-based and on-premises DDoS mitigation is among the best DDoS mitigation practices.

Adversaries, as we all know, thrive on constant innovation. Attacks will only become more sophisticated and threat actors will continue to develop and weaponise new attack vectors designed to exploit the vulnerabilities exposed by this massive digital shift. As a result, security professionals must maintain vigilance in order to safeguard the critical infrastructure that connects and enables the modern world.

Fighting cybercrime is a multi-front battle and today’s DDoS attacks are sophisticated, multi-vectored and dynamic. To adapt to today’s constantly evolving threat tactics, businesses must continue to invest in security. The stronger a company’s defence, the better equipped it will be to combat the growing number of cyber threats.

By Gaurav Mohan, VP Sales, SAARC & Middle East, NETSCOUT