Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
5 Ransomware Predictions for 2024
By Jim McGann VP, Marketing and Business Development, Index Engines
First, let's recap 2023. It took
a 10-minute phone call to cause over $100 million in ransomware damage to a $40
billion company that had thousands of security measures in place. The MGM Grand cyberattack personified how effortless and
damaging cyberattacks have become.
It
created a huge financial loss, weeks of hotel guests locked out of rooms,
elevators that would not come back online, and countless headlines.
Ransomware
has become so commonplace that it takes attacks like this to make headlines.
So, what does this mean for next year?
Based
on conversations with hundreds of organizations around the world and studying
millions of anonymized cyber security analytics through Index Engines'
CyberSense data integrity software, here are 5 unsettling predictions on the
path of ransomware in 2024.
- It's
not going anywhere. Let's get the
low-hanging fruit out of the way. Don't expect anything to change in the
coming year. Ransomware is profitable - a trillion dollar business - and
without international cooperation (and backing), it's not going to slow
down. Attack attempts are going to increase. In 2023, there was a
short-lived decline in Q1 before they surged by 74% in Q2. With the recent success of
both MGM Grand and Clorox's attack (which cost over $25M and made
everything from cat litter to cleaning supplies scarce), the momentum is
with them and the challenge is on for who can cause an even bigger
disruption.
- It's
going to keep getting smarter. Attacks are going to
keep increasing because the cyber criminals keep advancing their
ransomware and making attacks more sophisticated and harder to detect.
Three "un-detection" methods we expect to be standard: 1. Slower change
rates to avoid triggering thresholds, 2. Intermittent encryption that
keeps entropy changes in line with normal use, and 3. Signatures will
change with every attack and become moot outside of recovery situations.
- No
plan, no insurance. Cyber insurance costs
are skyrocketing and limiting the types of attacks they'll cover. The
rates surged by 50% in 2022 after a 73% increase in 2021,
making cyber insurance a $7.2B industry, but the ransom payouts strained
the industry and increased scrutiny over security practices. To qualify
for cyber insurance and affordable rates, organizations need a cyber
resilience plan. Underwriters need to see organizations are implementing
best practices and the latest tools to prevent an attack and be able to
recover when one is successful. Add analytics, immutability and machine
learning to your security pitch.
- Cyber
and Storage will converge. Organizations need
confidence their data is good and not slowly being infiltrated. This will
be the driver for cyber resilience functionality including analytics and
machine learning being adapted into storage and backup solutions to
proactively look for corruption. This is going to provide detection
in as little as a single snapshot or backup cycle and empower a proactive
recovery. Using AI like machine learning looks at how and why things
change. Thresholds can be fooled. Signatures can be changed. But leveraging
machine learning and analytics to look for how ransomware
changes data provides invaluable intelligence on whether the data is
clean, or the storage platform has been infected with ransomware. This
also empowers a timely recovery by being able to restore pre-infiltration
data.
- Recover
or die. Can your organization
survive if it's down for weeks? Months? Maybe. Can it thrive? Never.
Prolonged downtime shuts down businesses, even shuttered one hospital after it couldn't submit claims
for months after an attack took down its systems. St Margaret's may be the
first to admit its closure is due to a cyberattack, but it won't be the
last. Stopping the attack should always be the first goal. Then, you need
a plan in place that can detect and recover from an attack. Consider: if
you detected an attack today, could you confidently restore yesterday's
data and be sure there's no ransomware left in the environment? Last
week's? Would you need a clean room? If you can't confidently answer this
question, your organization may not see 2025.
##
ABOUT THE AUTHOR
Jim McGann VP, Marketing and Business Development
Jim
is a globally-experienced marketing and business development executive
instrumental in developing key relationships and brand development at Index
Engines. Jim is experienced with both large established software firms
and emerging startups and is a frequent writer and speaker in the areas of
ransomware recovery, cyber resilience and unstructured data management.