In today’s digital age, businesses rely heavily on technology to conduct their operations, store sensitive information, and communicate with clients and employees. However, this increased reliance on technology also means that enterprises are vulnerable to cyber threats such as data breaches, malware, and hacking attacks. These threats can result in significant financial losses, reputational damage, and legal liabilities for business entities.
Having a robust cybersecurity strategy in place is crucial to protect sensitive data, prevent cyber attacks, and ensure the continuity of business operations. A well-designed cybersecurity plan can help businesses safeguard their digital assets and maintain the trust of their customers, employees, and stakeholders.
I recently interviewed Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks and we talked about the recent surge in ransomware attacks in the Philippines.
Scheurmann, throughout his career, has worked extensively with both public and private sector organizations, helping them to make strategic investments in technology, embrace digital transformation, and transition to cloud-based solutions. During his stint at the Australian Embassy in Jakarta, he played a key role in the implementation of one of the world’s pioneering electronic visa systems as part of the Department of Immigration and Border Protection. Since then, Scheurmann has held senior executive positions with several multinational corporations and leading Asian conglomerates across the region, including major software and security vendors.
According to Palo Alto Networks’ recent findings, the Philippines has experienced a significant surge in ransomware and extortion cases in 2022, with reported cases across key sectors increasing by 57.4%. In response to these threats, threat actors are resorting to more aggressive tactics and are now harassing individuals through phone calls and emails, specifically targeting those in the C-suite or even customers. This approach aims to pressure them into paying the ransom demand. Unit 42 incident response cases revealed that harassment has become 20 times more prevalent than in 2021. The Unit 42 Ransomware and Extortion Report for 2023 offers valuable insights compiled from approximately 1,000 incident response cases over the past 18 months.
In Southeast Asia, the Philippines ranked fourth, alongside Malaysia, with 11 reported ransomware attacks and a 57.4% surge, accounting for approximately 12% of the region’s attacks. Among the most targeted sectors in the Philippines were Manufacturing, Professional & Legal Services, and State & Local Governments. The country ranked behind Thailand (28), Singapore (18), and Indonesia (14) but ahead of Vietnam (09) in the list of the most attacked countries. The Asia Pacific region experienced a total of 302 ransomware attacks, a 35.4% increase from the previous year. Globally, ransomware demands remained a persistent problem for organizations, with observed payments as high as US$7M (PHP383M). However, effective negotiation can drive down actual payments, as the global median demand was US$650,000 (PHP35.5M), while the median payment was US$350,000 (PHP18.9M).
“How do you convert risk to reward? If you invest in (cyber) security in the right way, you develop an ecosystem, you develop trust and confidence, and you positively impact the Philippines. No one talks about the investment in security because everyone wins. You have created an economy that gets on a platform where people have a level of confidence that it works. Security shouldn’t be a cost. Security done in the right way can deliver the reward,” said Scheurmann on why businesses, big and small, need to prioritize cybersecurity and not treat it as an added cost.
Ransomware groups are increasingly using layered extortion techniques to put more pressure on organizations to pay the ransom. These tactics include encryption, data theft, distributed denial of service (DDoS), and harassment. Data theft, often linked to dark web leak sites, was the most common extortion technique, used by 70% of groups by late 2022, a 30% increase from the previous year. Unit 42 researchers observe an average of seven (07) new ransomware victims posted on leak sites daily, equivalent to one every four hours. In 53% of Unit 42’s ransomware incidents involving negotiation, groups have threatened to leak stolen data on their leak sites. Both new and legacy groups engage in this activity, with established groups like BlackCat and LockBit accounting for 57% of leaks, and new groups making up the remaining 43%.
Palo Alto Networks is a multinational cybersecurity company that specializes in providing network security products and services. Headquartered in Santa Clara, California, their next-generation security platform is designed to protect organizations from cyber threats across their network, cloud, and mobile devices.