THE Covid-19 pandemic and the resulting impetus for business digitalisation have accelerated Malaysia’s digital economy by leaps and bounds.
However, that has also invited an onslaught of opportunistic cyberattacks, with the Malaysia Computer Emergency Response Team reporting over 8,000 cases this year alone.
Ransomware, a type of malware that locks and encrypts sensitive data on a user’s device, is a particularly worrying problem that has been exacerbated by the rush to digitalise.
In July 2021, the Malaysian Employers Federation suffered a ransomware attack involving its encrypted accounting data, and its servers were down for three days.
Months later, a hacker attacked Penang-based web hosting service Exabytes – disrupting its Windows virtual private server and Windows hosting services – and demanded a ransom of US$900,000 in cryptocurrency.
While both companies managed to restore their servers within days, there is no question that ransomware attacks are a serious threat that Malaysian businesses must tackle head-on, or leave themselves exposed to the consequences.
Understanding ransomware and how it happens
What makes ransomware so dangerous is that it does not just infect or corrupt files and devices.
Once ransomware gains access to a device or database – usually by masquerading as a legitimate file or link – it renders critical data inaccessible to anyone without the correct key.
The hacker will demand an exorbitant ransom for the key, and failure to pay up within the time limit usually results in the destruction or public release of the data.
The consequences can be catastrophic, such as a serious breach of user privacy and/or the exposure of trade secrets.
With more organisations moving to the cloud to accelerate their digital transformation, more robust endpoint security is needed to defend against ransomware because ransomware programs can also take advantage of the cloud’s enhanced, always-on connectivity to spread.
For instance, malicious software or an app on an infected device can request access to the organisation’s cloud.
Once granted, the program can then encrypt data directly in the cloud and even cross to other connected users, quickly multiplying the severity of the attack.
Organisations that handle sensitive data or need uninterrupted data access are more vulnerable to ransomware – and more likely to pay up.
In 2021, Colonial Pipeline, the US’s largest pipeline system for refined oil products, paid a reported US$5 million ransom to hackers after an attack on its IT network forced it to shut its entire pipeline down and caused major disruptions to gas delivery.
However, paying isn’t always the answer; while 33% of companies hit with ransomware globally in 2019 decided to pay, 22% never regained data access and 9% even faced more attacks.
Preventing ransomware attacks
Given the devastating disruption of a ransomware attack and the huge sums involved, the adage “prevention is better than cure” carries extra weight here.
The first step that Malaysian organisations should take is to shore up their security infrastructure with a strong, reliable endpoint security solution.
Cybersecurity solutions are typically installed across endpoint devices and can detect and block malware from infecting devices in the first place.
Other preventative functions include ensuring updated device security and warning users of malicious websites or folders.
Besides that, email security must also be a top priority for companies as email phishing, one of the most popular attack vectors, is on the rise – at least 442,439 phishing attempts were made on Malaysia’s small and medium enterprises in the first half of 2020.
Ransomware attackers “bait” people into clicking on disguised links or files in their email, which downloads the ransomware.
This can be addressed by secured email gateways and email security solutions, which can filter email communications to prevent threats from ever reaching users, while web filtering solutions can stop users from proceeding to dangerous sites.
Many Malaysians are now using their own devices to work from home, which – while undoubtedly more convenient – presents a serious cybersecurity issue.
Personal devices are likely to be far less secure than work devices as they often have less robust protection plans and/or access the internet via unprotected networks.
As employees are often a business’s biggest security risk, businesses must mitigate that risk by providing cybersecurity training from IT experts and by making sure that employees can identify threats and follow cybersecurity protocols, so that they do not become a vulnerability themselves.
As a last line of defence, the importance of having a backup solution cannot be overstated.
With backups, Malaysian firms can restore their data more quickly and are not at the complete mercy of the attacker.
However, for backups to be effective they must be performed and tested on a regular basis.
Companies should also never put all their eggs in one basket. They should have multiple backups – either offline, hosted in a different cloud service, or both.
Staying ahead of the ransomware threat
One positive consequence of Malaysia being a target of cyberattacks is that this has created a nationwide impetus to improve cybersecurity.
In 2020, the Malaysian government launched the Malaysia Cyber Security Strategy 2020-2024 with a RM1.8 billion allocation to boost Malaysia’s readiness in countering cyberthreats, contributing to the country placing fifth out of 194 countries in the Global Cybersecurity Index 2020.
This achievement was further bolstered in 2021 with the government announcing plans to create a specific cybersecurity law to tighten cybersecurity and improve nationwide enforcement.
This progress is very encouraging, but there can be no complacency in digital defence.
Ransomware attacks are ever-evolving and are constantly growing more sophisticated, so there will always be room to improve and grow.
To fully realise the potential of the national digital economy, Malaysian organisations must keep abreast of digital developments, leverage third-party expertise and maintain a robust security infrastructure to confidently pursue growth in the digital age.
Iskandar Ahmat is Cloud4C Country Manager, Malaysia, PIKOM Cybersecurity Chapter Member. Comments: email@example.com