Lessons from the Kaseya global ransomware attack

Issue 3 2021 Editor's Choice

The global Kaseya attack is a reminder that the public and private sector need to change the way cyber conflict is fought. The truth is that attackers still enjoy the advantage. The goal isn't to block and prevent all attacks - an operation like Kaseya and SolarWinds demonstrates that's not always possible - the goal is to quickly detect suspicious or malicious activity and ensure you have the visibility, intelligence and context to understand and remove the threat.

Cybereason and other modern security companies have the technologies – like EDR (endpoint detection and+ response) that can end these ransomware attacks. I believe it is our job to disrupt these operations. Technology, coupled with public and private partnerships is a step in the right direction to help in this fight against the REvil ransomware gangs and others like them.

Lior Div, Cybereason.

We need to shift focus from dealing with ransomware after the fact to disrupting the earliest stages of attacks through behavioural detections – this is the operation-centric approach to cybersecurity. We can’t just focus on the ransomware attack – by then it is too late. Look at the earlier stages of the attack when criminals are inserting malicious code into the supply chain, for instance. The ransomware is the symptom of the larger disease we need to treat.

This newest attack will once again start the debate about whether it makes sense to rip and replace legacy computer networks used by public and private sector organisations. That simply isn't going to fix the problem. We have spent trillions of dollars on cybersecurity over the past 20 years. And in many ways, we're no safer today. We could spend another $250 billion or $250 trillion and it will only incrementally help. What matters is how the money is spent.

In the coming days we will learn the names of companies impacted by the Kaseya ransomware attack. We will also learn if companies are meeting the ransom demands of the REvil gang. In general, it doesn’t pay to pay ransoms. A recent Cybereason global research study found that 80% of companies that paid a ransom were hit a second time.

Overall, paying ransoms only emboldens threat actors and drives up ransom demands. Still, whether or not to pay a ransom is an individual choice each company needs to make. Consult with your legal team, insurer and law enforcement agencies before making any decision. In those rare life or death situations, paying a ransom could very well be the right decision.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.