Intelligent CISO Issue 77 | Page 49

Feature

Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit

How can organisations in the Arab Gulf region effectively combat the growing ransomware threat, especially with the rise of AI-driven attacks?

In the Arab Gulf region, ransomware has become an epidemic. Since 2019, Saudi Arabia has been a top target for RansomOps gangs. And the GCC remained the most affected territory in the Middle East and Africa, as of 2023, showing a 65% increase over 2022 for instances of victims’ information being posted to data-leak sites.

According to the Known Exploited Vulnerabilities (KEV) catalog, maintained by the Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security, approximately 20% of the 1,117 exploited vulnerabilities are linked to known ransomware campaigns. Attackers have become more relentless and more sophisticated, just as regional security teams have become more overworked and overwhelmed by their new hybrid infrastructures.

In today’s climate, senior executives approach discussions about cyber-risk with the expectation of hearing unfavourable news. Indeed, matters have escalated of late with the emergence of human-mimicking AI.

We used to take comfort in the fact that at least AI could not be creative like people could. But that was before Generative AI came along and left us speechless – with delight or dread, depending on our day job. For security professionals, it is the latter because every new technology that arrives will eventually get exploited by threat actors. AI and its generative subspecies can make it easier to find vulnerabilities, which implies there will be a surge in the volume of zero-days. And GenAI can pump out convincing phishing content at a scale unreachable by human criminals.

But in a break with tradition, I offer good news. In the daily struggle with ransomware threats, the answer lies in the daily fundamentals of IT admin. Patch management is the keystone of cyber-resilience. As each vulnerability becomes known and fixes are released, that dreaded countdown begins again.

Whether threat actors have beaten vendors to the punch by publishing an exploit before the patch was released or not, organisations must be prepared to act strategically when fixes become available. It may be that a patch fixes an error that poses no risk to the enterprise, in which case patching would not have much impact on reducing cyber-risk. Hence, organisations need to look at prioritising patching the assets that cause the most existential risk to the company, maximising their patch rate (a measure of how effectively vulnerabilities are addressed) and minimising their mean time to remediation (MTTR) for such ‘crown jewel’ assets.

How can organisations prioritise patch management to effectively mitigate the risk of ransomware attacks, especially given the speed at which vulnerabilities are exploited?

The Qualys Threat Research Unit (TRU) uses these metrics often in anonymised studies of organisations’ cyber-readiness. Our 2023 Qualys TruRisk Research Report found that weaponised vulnerabilities are patched within 30.6 days in 57.7% of cases, whereas attackers typically publish exploits for the same flaws inside just 19.5 days. That 11-day window is where our concerns should be concentrated. It should spur us to revisit patch management and – if we have not already – to integrate it into our cybersecurity strategy so we can start to close our open doors to attackers.

If we imagine a graph of MTTR plotted against patch rate for every vulnerability, then we can imagine four quadrants, defined by combinations of ‘high’ or ‘low’ for our two metrics. Our sweet spot is in the bottom right-hand corner, where patch rate is high and MTTR is low. We could call this quadrant the ‘Optimal Security Zone’. If a vulnerability is in this zone, we are unfazed by it. It is low-risk because it is patched and resolved quickly.

In the top right, we find that patch rate is still high, so we call this the ‘Vigilant Alert Zone’, but incidents take a longer time to remediate (high MTTR). But while this is a higher source of concern, it is less worrying than if a vulnerability falls in the bottom left quadrant – the ‘Underestimated Risk Zone’. Here, we find overlooked vulnerabilities (low
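The patch-rate / MTTR quadrant model above can be turned into a small scoring routine. The following is an added example, not code from the interview or from Qualys: it computes patch rate and MTTR from a set of constructed vulnerability records, classifies crown-jewel and other assets into the named zones, and lists the records where a public exploit existed before the patch landed (the window the interview warns about). The zone thresholds, the record fields, the asset names and the vulnerability labels are all assumptions made for the example; using the 19.5-day exploit-publication figure as the MTTR cut-off is this example's choice, and the top-left quadrant is not named on the page.

```python
"""Classify vulnerability populations into the patch-rate / MTTR quadrants
described in the interview. Added example with constructed data; the zone
thresholds and record fields are assumptions, not Qualys methodology."""
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str                        # constructed label, not a real CVE id
    asset: str                          # constructed host name
    crown_jewel: bool                   # the interview's 'crown jewel' assets
    fix_released: date                  # vendor patch became available
    patched_on: Optional[date]          # None = still open
    exploit_published: Optional[date]   # None = no public exploit known


# Assumed thresholds. 19.5 days is the exploit-publication figure quoted in
# the interview; treating it as the MTTR cut-off is this example's choice.
PATCH_RATE_HIGH = 0.80
MTTR_LOW_DAYS = 19.5


def patch_rate(records: List[VulnRecord]) -> float:
    """Share of known vulnerabilities that have been remediated."""
    if not records:
        return 0.0
    return sum(1 for r in records if r.patched_on) / len(records)


def mttr_days(records: List[VulnRecord]) -> Optional[float]:
    """Mean days from fix availability to remediation; None if nothing is patched."""
    durations = [(r.patched_on - r.fix_released).days
                 for r in records if r.patched_on]
    return mean(durations) if durations else None


def classify_zone(rate: float, mttr: Optional[float]) -> str:
    """Map (patch rate, MTTR) to the quadrants named in the interview."""
    high_rate = rate >= PATCH_RATE_HIGH
    low_mttr = mttr is not None and mttr <= MTTR_LOW_DAYS  # nothing resolved = high
    if high_rate and low_mttr:
        return "Optimal Security Zone"        # bottom right
    if high_rate:
        return "Vigilant Alert Zone"          # top right
    if low_mttr:
        return "Underestimated Risk Zone"     # bottom left
    return "Low patch rate, high MTTR (top left; unnamed on this page)"


def zone_report(records: List[VulnRecord]) -> Dict[str, dict]:
    """Compute both metrics and the zone separately for crown-jewel and other assets."""
    report: Dict[str, dict] = {}
    for tier, flag in (("crown jewel", True), ("other", False)):
        subset = [r for r in records if r.crown_jewel == flag]
        rate, mttr = patch_rate(subset), mttr_days(subset)
        report[tier] = {"patch_rate": rate, "mttr_days": mttr,
                        "zone": classify_zone(rate, mttr)}
    return report


def exploit_exposure(records: List[VulnRecord]) -> List[str]:
    """IDs where a public exploit existed before the patch landed, or still does."""
    exposed = []
    for r in records:
        if r.exploit_published is None:
            continue
        if r.patched_on is None or r.patched_on > r.exploit_published:
            exposed.append(r.vuln_id)
    return sorted(exposed)


# Constructed sample data; the 2024 dates were chosen only for the arithmetic.
SAMPLE_RECORDS = [
    VulnRecord("V-001", "erp-db-01", True, date(2024, 1, 1), date(2024, 1, 10), date(2024, 1, 15)),
    VulnRecord("V-002", "erp-db-01", True, date(2024, 1, 5), date(2024, 1, 20), date(2024, 1, 12)),
    VulnRecord("V-003", "ad-dc-01", True, date(2024, 2, 1), date(2024, 2, 11), None),
    VulnRecord("V-004", "ad-dc-01", True, date(2024, 2, 10), None, date(2024, 2, 20)),
    VulnRecord("V-005", "print-srv-02", False, date(2024, 1, 1), date(2024, 2, 15), None),
    VulnRecord("V-006", "print-srv-02", False, date(2024, 1, 3), date(2024, 2, 2), date(2024, 1, 25)),
    VulnRecord("V-007", "kiosk-07", False, date(2024, 1, 20), None, None),
    VulnRecord("V-008", "kiosk-07", False, date(2024, 2, 1), date(2024, 2, 29), None),
    VulnRecord("V-009", "kiosk-07", False, date(2024, 2, 5), date(2024, 2, 25), None),
]

if __name__ == "__main__":
    for tier, row in zone_report(SAMPLE_RECORDS).items():
        print(f"{tier:12} rate={row['patch_rate']:.2f} "
              f"mttr={row['mttr_days']} -> {row['zone']}")
    print("exploit public before remediation:", exploit_exposure(SAMPLE_RECORDS))
```

With the constructed data the crown-jewel tier lands in the Underestimated Risk Zone (MTTR is low, but one of four fixes is still outstanding), while the other assets sit in the Vigilant Alert Zone (80% patched, but a mean of about 31 days to do it). Splitting the report by tier is the point: the interview's advice is to track patch rate and MTTR for the assets that carry the most risk rather than as a single fleet-wide number.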
WWW . INTELLIGENTCISO . COM 49