Lessons from the Kaseya global ransomware attack

Issue 3 2021 Editor's Choice

The global Kaseya attack is a reminder that the public and private sector need to change the way cyber conflict is fought. The truth is that attackers still enjoy the advantage. The goal isn't to block and prevent all attacks - an operation like Kaseya and SolarWinds demonstrates that's not always possible - the goal is to quickly detect suspicious or malicious activity and ensure you have the visibility, intelligence and context to understand and remove the threat.

Cybereason and other modern security companies have the technologies – like EDR (endpoint detection and+ response) that can end these ransomware attacks. I believe it is our job to disrupt these operations. Technology, coupled with public and private partnerships is a step in the right direction to help in this fight against the REvil ransomware gangs and others like them.

Lior Div, Cybereason.

We need to shift focus from dealing with ransomware after the fact to disrupting the earliest stages of attacks through behavioural detections – this is the operation-centric approach to cybersecurity. We can’t just focus on the ransomware attack – by then it is too late. Look at the earlier stages of the attack when criminals are inserting malicious code into the supply chain, for instance. The ransomware is the symptom of the larger disease we need to treat.

This newest attack will once again start the debate about whether it makes sense to rip and replace legacy computer networks used by public and private sector organisations. That simply isn't going to fix the problem. We have spent trillions of dollars on cybersecurity over the past 20 years. And in many ways, we're no safer today. We could spend another $250 billion or $250 trillion and it will only incrementally help. What matters is how the money is spent.

In the coming days we will learn the names of companies impacted by the Kaseya ransomware attack. We will also learn if companies are meeting the ransom demands of the REvil gang. In general, it doesn’t pay to pay ransoms. A recent Cybereason global research study found that 80% of companies that paid a ransom were hit a second time.

Overall, paying ransoms only emboldens threat actors and drives up ransom demands. Still, whether or not to pay a ransom is an individual choice each company needs to make. Consult with your legal team, insurer and law enforcement agencies before making any decision. In those rare life or death situations, paying a ransom could very well be the right decision.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

From overwhelm to oversight
Editor's Choice Cyber Security Products
Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

SMART Surveillance Conference 2023
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Conferences & Events
Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive, over distributed sites, than ever before.

Has your business planned for the worst?
Editor's Choice Cyber Security Security Services & Risk Management
Incident response is a specialised part of security, like a hospital's intensive care unit: IR kicks in when the organisation detects a breach of its systems to stop criminals from doing more damage.

Making a difference with human intelligence gathering
Kleyn Change Management Editor's Choice
Eva Nolle believes that woman should stand their ground as they often bring an entirely different skill set to the table, which enhances the overall service delivered.

Milestone celebrates women in security
Milestone Systems Technews Publishing Editor's Choice News Conferences & Events
The Milestone Systems’ African team wanted to express their appreciation for the incredible contributions of the women in the security industry and held a breakfast in honour of the hard-working women in the industry on 8 August.

Supporting CCTV intelligence with small and big data
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring
The increasing development of AI and its role in enhancing investigation-led surveillance, and the increasing capacity of control rooms and local analysts to deliver data in return, can increase the synergy between intelligence and surveillance.

Overcoming resistance to changing your current operating model
Editor's Choice Integrated Solutions
Business survival goes beyond cutting costs and driving efficiency, it’s about using data and technology as strategic assets to develop speed, agility and resilience, keep up with customer demands, beat the competition and grow the business.

The road to Zero Trust not necessarily paved with gold
Editor's Choice Access Control & Identity Management Cyber Security
Paul Meyer says that while Zero Trust must be the goal, there are a few potholes to navigate on the journey. Here he expands on these caveats, but also exposes the greatest ally of Zero Trust.

More agile, flexible access management
ASSA ABLOY South Africa Editor's Choice Access Control & Identity Management
Tim Timmins from ASSA ABLOY Opening Solutions examines the growing shift towards cloud access management. How can organisations benefit, and what should they look for when choosing a cloud access control solution?