Mark Child (Associate Research Director, European Security)

Ransomware attacks have been one of the most high-profile scourges of business over the past decade — and the threat shows no signs of abating. If anything, it has become more prevalent as “ransomware as a service” has lowered the entry barrier for threat actors.

Innovation by cybercriminals keeps security teams on high alert. When governments and security agencies advise organizations not to pay ransom, attackers may switch to extortionware approaches.

Or, sticking with ransomware, they may use AI to augment their capabilities, refine their lures, automate attacks, or hit hundreds or thousands more organizations than they would have been able to previously.

This Is Going To Hurt

According to IDC’s Future of Enterprise Resilience Survey, conducted in November 2023, 63.4% of EMEA organizations with 500 or more employees suffered a ransomware attack that blocked access to their systems or data in 2023.

Which assets are being impacted? According to the survey respondents, the most frequently impacted resources were collaborative applications (37%) such as MS 365 or Google Workspace. These were followed by virtual or physical servers (35%) and public cloud IaaS and PaaS (also 35%). For 34% of organizations, ransomware attacks impacted their partner, supplier, or customer systems.

These impacts reflect the infrastructure and environments in which most modern organizations operate: cloud-based infrastructure and platforms running cloud-based collaborative applications on enterprise licenses for cost efficiency and productivity, often within broader digital ecosystems to enhance operational efficiency.

Targeting what has become the critical infrastructure for operational capability gives cybercriminals the greatest leverage over their victims. The hackers strive to ensure there is no choice but to pay the ransom.

The Best Defense is… Multi-Layered

Despite the rising volume of attacks, more than one-third of the surveyed organizations stated that no ransomware attacks had managed to block access to their systems or data. These organizations highlighted some of the key technologies that helped them detect the attacks before the malware was able to deploy.

The most frequently cited tool was a cloud security gateway/cloud access security broker (CASB, 30%). This aligns with the operational environments described above, placing protection where it is needed most. Deploying a CASB provides visibility and control over cloud environments and assets, enabling quicker detection and containment of potentially malicious activity.

Threats can come from within the organization as well as outside. A further 26% of respondents said they used specific security analytics aimed at detecting insider threats. The third most common response was SIEM systems (25%), which help by correlating data from multiple sources to identify suspicious patterns and anomalies before an attack. Organizations also mentioned that NDR, identity analytics/UEBA, and EDR helped with detection.

Fundamentally, there is no single technology that is a silver bullet against ransomware. Effective protection depends upon a layered approach that aligns security controls to the environment, infrastructure, and processes of the organization.

As attacks grow more prevalent, fueled by ransomware as a service and AI-augmented attack campaigns, EMEA organizations need to be on their guard with a mix of technologies to detect and contain malware payloads before they can be deployed.
