The End of the Golden Age of Ransomware?
Updated: Feb 22, 2022
Sagi Gidali, Chief Growth Officer at Perimeter81, breaks down the cyber trends, threats and opportunities we should expect in 2022
We’re into our third year of Covid and its various iterations. Fortunately, most economies have bounced back from the crisis unleashed in 2020. Businesses are growing again, but cyber dangers lurk everywhere, from seemingly innocuous emails to infected websites, to vulnerabilities in the software supply chain.
2021 was a big year for ransomware and cyberattacks, possibly even its ‘golden age”, and included successful attacks against the Colonial Pipeline, Volkswagen, Kaseya, T-Mobile, LinkedIn, and more. Market research from Perimeter 81 reveals that a remarkable 65% of companies experienced a severe cybersecurity incident in 2020-21, including 33% from ransomware.
Do we think that 2022 will be any different? Read on to find out.
1. Stay Agile to Stay in Business
Whether we’re post-Covid, in-between variants, or whatever—it’s abundantly clear that our modern global world allows pathogens of all types to spread rapidly. Everyone should have learned by now that businesses must be hybrid. Not for employee work-life balance (which is nice for employees), and not for increased employee productivity (which is nice for employers), but for business continuance (which is nice for everyone).
And, of course, for a hybrid workplace to function, you need an IT infrastructure that lets employees safely connect to your networking resources wherever the resources or employees are located. If you stay secure and agile in 2022 with a Zero Trust Networking Architecture and a Secure Access Service Edge solution, then your employees, customers, and investors will all thank you.
2. Hybrid Work is the Green Way of the Future
When millions of people were sheltering in place or working from home during Covid, the improvement in air quality was pretty much beyond dispute (although there was some fake news about dolphins in the canals of Venice). In addition to better-smelling and better-tasting air, Harvard University has discovered a clear link between exposure to particulate matter in the air and coronavirus death rates.
Governments at the national and local levels are all looking to implement policies to reduce pollution and meet the UN’s 2030 Sustainable Development Goals. Many countries are looking to ban the sale of conventional gasoline and diesel vehicles by 2030.
Congestion pricing will soon be coming to New York, Tel Aviv, and many other cities. While this may be a headache for some or an undesirable additional expense for others, congestion pricing will give millions of workers additional reasons to work from home.
3. Count on Ransomware and Cyberattacks to Continue
The multi-billion-dollar profits associated with cybercrime will ensure that it continues. The only thing that will make a dent in cybercrime will be coordinated action by governments and the private sector. Real success will only come from a sustained combination of cyber, legal, and police actions that will result in the arrest and imprisonment of hackers and the seizure of their assets.
We have seen that this can work: multiple governments working together were able to disrupt the operation of the REvil ransomware gang that was responsible for the Colonial Pipeline cyberattack.
4. Expect Significant Changes to Cyber Insurance
To mitigate the business costs of a cyberattack, 67% of companies reported that they have already purchased cyber insurance, while another 30% are considering it. To date, paying the ransom—primarily through insurance—has often been the quickest and cheapest solution.
In May 2019, the City of Baltimore didn’t pay a ransom of 13 Bitcoin (worth about $100,000 back then), and non-payment cost the city nearly $18 million in cleanup costs and lost revenues—or almost 180 times more.
But as the ransoms have grown, cyber insurance premiums have increased by 50-100%, and insurance companies are looking to limit their cap ransom payments and limit their exposure to clean-up costs.
Some insurance companies have tried to exclude “cyberwar” from their cyber insurance policies, but a $1.4 billion judgment for Merck against Ace Insurance means that cyber insurance companies will need new tactics to avoid further losses. Expect coverage for ransom payments to be capped or end for all new policies.
AXA, one of Europe’s biggest insurers, announced that it would no longer cover ransom payments in its cyber insurance policies at the request of the French justice and cybersecurity officials.
5. New Cybersecurity Regulations
While it’s still early to pass judgment, the Biden Administration’s 2021 Executive Order on cybersecurity is a welcome first step to making the Internet safer. With this Executive Order, the federal government has recognized that we are all part of one giant network and is offering a plan for sustained, coordinated efforts in confronting cybercrime.
The Cybersecurity Safety Review Board has now opened for business. Their near-real- time analysis of attacks will improve response times, reduce the impact of cyberattacks, and help promote best practices, including Zero Trust.
They will be critical for assisting US banking regulators in analyzing the “computer security incidents” that must be reported by all US banks within 36 hours of discovery.
All elements are in place for dramatic change
In 2020 and 2021, ransomware and cybercrime thrived in a vacuum with neither universally deployed cybersecurity solutions nor government supervision. It was like the west part of the US during its frontier period.
In 2022, all the elements are in place for dramatic change. Governments are finally starting to take action following pressure from insurance companies, leading companies, municipalities, hospitals, and suffering citizens.
Hopefully, we are at the beginning of the end for the golden age of ransomware and the start of a safer Internet.
By Sagi Gidali, Chief Growth Officer at Perimeter 81, which aims to simplify cybersecurity. Perimeter 81 is backed by Tier 1 Investors such as Insight Partners, Toba Capital, and others, and has offices in Tel Aviv, New York, and Los Angeles.
For more information about cybersecurity challenges and practices, see the company’s 2nd Annual State of Cybersecurity Report, The Decentralized Workplace & The Cyber Complexity Trap.
Perimeter81 will participate in Cybertech Global Tel Aviv, which will be held (in person!) between March 1–3, 2022. For additional information, please visit the event's official website.