“The average ransom that companies paid to hackers who attacked their networks climbed by 60% over the past year, reaching $178,000 per attack,” Roee Schreiber, Security Managing Director at Accenture Security said in an interview during Calcalist’s Cyber Week. “As part of our cyber threat intelligence services, we publish a report that reveals to what extent hackers’ daring increases from year to year. Truth is stranger than fiction when it comes to inventing new attack methods,” he said.
According to Schreiber, Covid-19 shattered the common perception of Israeli organizations, such as financial or medical institutions, that they could protect their networks by building higher and higher walls around their systems and digital assets, simply because it is impossible to erect a fortress when people are working out of their living rooms. “The hybrid model of working from home and from the office is not going away anytime soon and it will take years before people at large companies return to work fully from the office. The shift to the cloud is one of the factors that will expedite the process and our job is to help organizations conduct the process securely while taking advantage of the shift,” he said.
“Accenture helps organizations with what we call the ‘secure journey to the cloud’ and this year that journey was accelerated significantly, particularly at organizations that were preparing to do it only in a year or two. There is a great opportunity now for companies to take advantage of their preparation to transition to the cloud to become faster, more flexible, and also more secure. It is wrong to treat the transition to the cloud and the security preparations it requires as processes that delay a company’s advancement, instead, it should be treated as an opportunity to make improvements to the way organizations operate,” Schreiber said.
“It may be a professional secret, but hackers are lazy by nature. They want to reach their targets as quickly and effortlessly as possible. Since it is impossible to hermetically seal all of an organization’s fronts, our job is to make sure that attackers have as difficult a time as possible when breaching an organization,” Schreiber explained.
Accenture Security Israel, Accenture Global’s cyber consultancy branch, employs people around the globe who provide end-to-end cyber services, from security checks to aid in transitioning to the cloud and remote security management services.
“In Israel, the company has a cyber lab that investigates the field as well as an offensive arm that knows how to simulate attacks. It’s possible to design protections on paper, but the designs have to be tested and if it turns out they can be breached, they need to be corrected. These are the services the Israeli team provides. With the aid of these simulations, we locate many breaches. Since cyber budgets are not limitless, we want to show our clients what they should be investing in to keep the attackers at bay,” Schreiber said.
“Many organizations carry out ‘war games’ to try and cope with various scenarios, but as part of our practical simulations, we wrote a ransom software that actually makes ransom demands from employees, locks their monitors and mouses and really prevents them from working, to see how they would react in the case of a real attack. There is a vast difference between how people respond on paper and how they respond in practice. We carried out such a simulation with a global resources company that has offices in India and when their office was under attack, we saw that employees tried to restart their computers 10 or more times and that was followed by several moments of silence after which everyone ceased working and seemingly disappeared. Then, suddenly, an hour later, we saw everyone trying to restart their computers again from a different site in India. It turned out that they took their equipment and moved to the other location because they thought that there, their computers would work,” Schreiber recalled.
According to him, such reactions by employees are not geography-specific and can take place anywhere. “We encountered many instances — even in Israel— where employees whose computers were encrypted and needed to be restored were slow to report the malfunction, even weeks after the attack. When we looked into it, it turned out that they had tried to remedy the issue themselves or with the help of their friends. For that reason, we design procedures that must be followed. From that exercise with the resources company, for example, we learned many lessons and converted them into processes that can help companies come out of such incidents in much better shape.”