Pre-Breach Assessments Can Mitigate the Growing Threat of Ransomware

A new report that surveyed 1200 IT security professionals in 17 countries around the world has shown a dramatic rise in companies willing to pay ransoms to threat actors and why pre-breach assessments can help mitigate ransomware threats. An annual Cyberthreat Defense Report (CDR) shows both a substantial increase in companies paying a ransom and an increase in the average size of ransomware payments. The latest figures from the 2022 CDR indicate that 62.9% of victimized companies pay ransoms, compared to 45% in 2019. The increase can be partially explained by the growing trend of ransomware operators utilizing double extortion in which they apply extra pressure by exfiltrating data and threatening to sell it to others or publish the data on the internet if the ransom is not paid. Having the sensitive data of individuals or businesses publicly exposed can be embarrassing, inconvenient, and harmful to one’s reputation. Additionally, companies believe that paying threat actors after an attack is less expensive than attempting to rebuild their systems and reputations on their own.

The average ransom payment continues to increase, reaching almost $323,000 in the last quarter of 2021, indicating victimized companies are willing to pay large sums of money for access to their own data. This can inevitably escalate ransomware attacks, encouraging more cyber criminals to enter the arena. Aided by ransomware-as-a-service operations, many threat actors will view cybercrime as easy money with little risk of being caught. A new record was reached with 71% of responding companies hit by a ransomware attack in the past 12 months, compared to 62.4% two years previous.

The pressure to pay a ransom is significant; however, ransomware operators don’t usually target companies with the deepest pockets. Ransomware groups’ “sweet spot” is companies that have 5,000 to 25,000 employees. Companies of this size are targeted more frequently than smaller and larger counterparts. This is likely because even though they can afford the high ransoms, attacks are less likely to shut down essential infrastructure or draw the undivided attention of law enforcement agencies and the government.

Benefits of Pre-Breach Assessments

With ransomware groups utilizing different attack methods and techniques to make money, there’s no indication that ransomware incidents will decline any time soon. At SpearTip, we offer a comprehensive set of pre-breach assessments, including a test of companies’ external security controls in which our team simulates attacks from the public internet. The purpose of the simulations is to identify vulnerabilities that allow SpearTip to gain access to your internal environment from a public-facing initial access point, such as email or an unsecured login page. A SpearTip external security assessment (ESA) is not simply a scan-and-send service; we probe for and validate vulnerabilities using advanced penetration testing techniques. Recommendations from the ESA enable your business to harden its overall security posture, better positioning you against external adversaries.

SpearTip also offers an internal security assessment (ISA), which is designed to answer the question ‘In the event a breach of external security controls occurs, what critical systems and data are vulnerable?’ SpearTip’s certified assessors simulate attacks from an internal perspective on the local network, probing all reachable internal systems for vulnerabilities, such as open ports or uncontrolled access points. In addition, SpearTip attempts to move laterally and escalate privileges inside the environment to simulate a threat actor’s behavior. This assessment allows your organization to strengthen internal security controls and mitigate potential damage resulting from a compromise.

Furthermore, our advisory services offerings include executive tabletop exercises custom-designed to strengthen the collaboration among business leaders and promote a common understanding of how leadership teams respond to a security incident. The exercises are based on the most current tactics, techniques, and procedures employed by threat actors, as well as perceived gaps in your current incident response (IR) plan. Following the exercise, we identify key findings, opportunities for improvement, and key takeaways related to current policies and procedures to strengthen your ongoing security posture.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.