Lessons from the Kaseya global ransomware attack

Issue 3 2021 Editor's Choice

The global Kaseya attack is a reminder that the public and private sector need to change the way cyber conflict is fought. The truth is that attackers still enjoy the advantage. The goal isn't to block and prevent all attacks - an operation like Kaseya and SolarWinds demonstrates that's not always possible - the goal is to quickly detect suspicious or malicious activity and ensure you have the visibility, intelligence and context to understand and remove the threat.

Cybereason and other modern security companies have the technologies – like EDR (endpoint detection and+ response) that can end these ransomware attacks. I believe it is our job to disrupt these operations. Technology, coupled with public and private partnerships is a step in the right direction to help in this fight against the REvil ransomware gangs and others like them.


Lior Div, Cybereason.

We need to shift focus from dealing with ransomware after the fact to disrupting the earliest stages of attacks through behavioural detections – this is the operation-centric approach to cybersecurity. We can’t just focus on the ransomware attack – by then it is too late. Look at the earlier stages of the attack when criminals are inserting malicious code into the supply chain, for instance. The ransomware is the symptom of the larger disease we need to treat.

This newest attack will once again start the debate about whether it makes sense to rip and replace legacy computer networks used by public and private sector organisations. That simply isn't going to fix the problem. We have spent trillions of dollars on cybersecurity over the past 20 years. And in many ways, we're no safer today. We could spend another $250 billion or $250 trillion and it will only incrementally help. What matters is how the money is spent.

In the coming days we will learn the names of companies impacted by the Kaseya ransomware attack. We will also learn if companies are meeting the ransom demands of the REvil gang. In general, it doesn’t pay to pay ransoms. A recent Cybereason global research study found that 80% of companies that paid a ransom were hit a second time.

Overall, paying ransoms only emboldens threat actors and drives up ransom demands. Still, whether or not to pay a ransom is an individual choice each company needs to make. Consult with your legal team, insurer and law enforcement agencies before making any decision. In those rare life or death situations, paying a ransom could very well be the right decision.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Get the AI fundamentals right
Technews Publishing SMART Security Solutions Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...
Managing stock efficiently and cost-effectively
Editor's Choice Asset Management Infrastructure Logistics (Industry)
Rina Redelinghuys, customer services executive at Cquential, a member of the Argility Technology Group, examines stock management across various industries, including retail, fast-moving consumer goods, food and dairy, automotive, apparel, industrial, accessories, paint and chemicals, and pharmaceuticals.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.