The benefits of mandatory ransomware reporting

The past year has been particularly productive for ransomware across Asia–Pacific and, while these sorts of cyber attacks aren’t anything new, it’s high time we did something about it.

According to research, ransomware attacks across the region have increased by 102% this year compared to the beginning of 2020. This equates to an average of 1245 cyber attacks suffered by organisations each week.

With Asia–Pacific being the hotbed of innovation it is, ransomware has reached a new level of sophistication in this region as a result and, while efforts to mitigate such attacks have improved, we’re still finding ourselves a step behind. This is a big red flag at a time when economic recovery needs it least.

The intention from organisations to increase cybersecurity headcount this year is just one step in the right direction. This currently stands at two in five (or 40%) — it’s a start in fighting this rising global hazard, but what else can be done to lessen our vulnerability to cyber attacks?

The answer lies with our government. Ransomware is a top threat fast becoming a political priority, with calls to amend the fragmented adoption of reporting cybercrime globally and make it obligatory. Mandatory reporting could help efforts to analyse and combat the rising wave of ransomware, but organisations are wary that reporting could cause more problems than it solves. Here’s why they should reconsider.

Knowledge-sharing leads to better ways of thinking

It’s no secret that organisations are often hesitant to disclose ransomware attacks. We’ve seen this in the US, but at a regional level we’re seeing less than half (43%) of cybersecurity leaders reporting internally after a security incident occurs. From protecting brand reputation to avoiding disruptive law enforcement regulations, this lack of reporting not only thwarts anti-ransomware efforts but contributes to a skewed real-time understanding across the board of the frequency, intensity and sophistication of this type of cyber attack.

If mandatory reporting was put in place ransomware would be more top-of-mind, ensuring organisations fully understand that this is a broad-ranging problem that affects everyone, all the time. A heightened sense of urgency would also be commonplace and ransomware reporting would be treated with the same importance as financial reporting, which we all know is non-negotiable.

Most importantly, mandatory reporting creates a dialogue on how to best take action. A lack of reporting hinders our ability to come up with ways to better protect against ransomware, and the opportunity to put ourselves in a position to anticipate what might come our way next. After all, you cannot prevent something without having the right information to hand. Organisations need to prioritise transparency over reputation, as the ultimate solution to ransomware is via a collective effort of knowledge-sharing to implement protection measures as soon as possible.

Ransomware should not be seen as a crippling threat, but something that can be dealt with. Awareness equals action.

A stronger frontline against ransomware

Mandatory ransomware reporting schemes not only further the benefits of information-sharing around ransomware attacks — what happened, what broke down, how the threat was mitigated and what changed afterwards — but also help meet the full potential of government agencies and advisory committees.

For example in Australia, the Cyber Security Strategy Industry Advisory Committee (CSSIAC) was established last year to help guide the implementation of the nation’s cybersecurity strategy. In South-East Asia, the Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel advises on strategies to sustain cyber resilience and trust in the country’s financial system. And in South Korea, the National Intelligence Service is the country’s chief intelligence agency established in 1961, with its latest discovery being that companies and public institutions have been damaged by its neighbour.

By reporting a ransomware attack, data and insights are contributed to such advisories, providing critical information on security issues, vulnerabilities and active cybercrimes that can be added to the armour these advisories are putting in place. For example, these inform publicly available alerts distributed to warn against attacks. Authorities are also able to collect information about the digital wallets ransoms are being paid into, and information about infrastructure being used by criminal groups to target companies, as well as the different ways they get into networks.

Providing valuable threat intelligence and actionable insights about ransomware actors creates a stronger frontline against them. Organisations that conceal the real impact of ransomware hinder the collective effort at national and regional levels to ensure these very businesses are secure, as well as the country’s overall success in combatting ransomware attacks.

There are strong grounds to implement mandatory ransomware reporting to keep organisations honest about their efforts to mitigate what’s become the attack of choice for cybercriminals in Asia–Pacific. It’s high time governments consider the urgency of doing so.

Image credit: ©stock.adobe.com/au/James Thew