Majority of Singaporean firms hit by ransomware sought law enforcement for help: survey

They paid an average of US$1,584,130 for ransom last year, on top of the US$2.2 million of average recovery cost.

According to cybersecurity company Sophos’, 97% of organisations in Singapore hit by ransomware last year sought law enforcement or official government bodies for help.

They mainly received advice on dealing with ransomware (69%) and got assistance from law enforcement to recover their data from the ransomware attack (62%).

“Victim shaming has long been a consequence of a cyberattack but we’ve made progress on that front, both within the security community and at the government level. New regulations on cyber incident reporting, for example, appear to have normalised engaging with law enforcement, and our survey data shows organisations are taking steps in the right direction,” says Chester Wisniewski, director, field CTO at Sophos.

He continues: “Criminals are successful in part due to the scale and efficiency with which they operate. [This calls for] the public and the private sectors to continue galvanising as a group effort to help businesses. [That way,] we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those conducting these attacks responsible.”

Ransomware trends

Sophos’ Data for the State of Ransomware 2024 survey also reveals that organisations in Singapore paid an average of US$1,584,130 for ransom last year. This is on top of the average recovery cost of US$2.2 million.

Exploited vulnerabilities were the most commonly identified root cause of a cyberattack, impacting 33% of Singaporean organisations. The impact of cyberattacks originating from exploited vulnerabilities was found to be most severe, with a higher rate of backup compromise (75%), data encryption (67%) and the propensity to pay the ransom (71%).

“The two most common root causes of ransomware attacks — which are exploited vulnerabilities and compromised credentials — are preventable, yet still plague too many organisations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, its time organisations impose costs on the attackers, as well. Only by raising the bar on what's required to breach networks can organisations hope to maximise their defensive spend,” says John Shier, field CTO, Sophos.

Sophos recommends the following best practices to help organisations defend against ransomware and other cyberattacks:

• Understand your risk profile with tools that can assess an organisation’s external attack surface, prioritise the riskiest exposures and provide tailored remediation guidance.

• Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques.

• Bolster your defences with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider.

• Build and maintain an incident response plan, as well as make regular back-ups and practise recovering data from backups.

See Also:

• Click here to stay updated with the Latest Business & Investment News in Singapore

• Cybersecurity matters

• Tech news in less than 5 minutes – May 2024

• Moving towards passwordless authentication

• Read more stories about where the money flows, and analysis of the biggest market stories from Singapore and around the World

• Get in-depth insights from our expert contributors, and dive into financial and economic trends

• Follow the market issue situation with our daily updates

• Or want more Lifestyle and Passion stories? Click here