He does not have any advice for Garmin, but has the following tips for organisations concerned about ransomware:
- “To minimise the threat of ransomware attacks, organisations must implement adequate resiliency measures to preserve business-as-usual should the worst happen. Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats.
- “Individual users can also assist greatly by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks.
- “It is also imperative that remote working software, such as VPNs and any servers are kept up to date in relation to patching, as open source reporting indicates that ransomware threat actors are increasingly targeting Windows Remote Desktop Protocols (RDP) and exploits to initiate compromise.
- “As the more complex threats are often delivered by secondary infection, organisations should also pay particular attention to their patterns of network traffic and data logs to identify any potential compromise. There is a potential short window of opportunity to remediate any initial dropper infection and thereby prevent the further insertion of ransomware.”
IBM Security has also offered advice to the industry more broadly, following the release of a study examining the financial impact of data breaches. It revealed that these incidents cost South African companies R40.2-million per breach on average, among organisations studied. Sponsored by IBM Security and conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with security professionals in organisations that suffered a data breach over the past year, so does not necessarily represent the scale of attack in South Africa.
The study identified the three root causes of data breaches as malicious or criminal attack (48%), human error (26%) and system glitches (26%).
On average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error breaches took 164 days to identify and 40 days to contain while system glitch breaches took 163 days to identify and 44 to contain.
“It is becoming increasingly important for IT leaders to put security measures in place which reduce the impact of a data breach,” says Sheldon Hand, IBM Security leader for South Africa. “With this year’s study we’re seeing how costs were much higher for South African organisations that had not yet invested in areas such as security automation and incident response processes – and how complex security systems and cloud migration cost companies the most.
“With growing complexities facing companies, putting measures in place which significantly reduce the time it takes to investigate, isolate, contain and respond to the damage, will significantly reduce financial and brand impact.”
As the Garmin breach demonstrated so dramatically, it is not only South African organisations that have been rendered vulnerable by lack of adequate measures.