It’s Hunting Season... for Hackers

Ransomware groups are stepping up attacks on critical infrastructure in the US and other nations, underscoring fears of leaders everywhere that the corporate world has become a sitting duck for hackers. 

Last week, one of Australia’s largest port operators confirmed it was the victim of a cyberattack that forced it to close systems for three days. A week before that, hackers breached the networks of both a major US defense contractor and China’s largest bank. The trio of attacks underscores a strategic shift undertaken by ransomware groups: to disrupt companies and functions vital to the operations and activities of daily life. 

Known as “big-game hunting,” this involves targeting government agencies and companies in aerospace and defense, financial services, healthcare, manufacturing, and technology, as well as other industries where cutting off access to data or assets for even a short period of time could create a domino effect that leads to long-term damage. “The game cybercriminals are hunting keeps getting bigger and bigger,” says Craig Stephenson, leader of Korn Ferry’s CIO/CTO practice in North America. 

Defending against ransomware attacks is only going to get tougher, says Stephenson. Ransomware groups, many of which consist of large networks of sophisticated coders and engineers rivaling those of any legitimate tech organization, are already tapping into AI to create malware and find weak spots in company defenses. “The threat potential is even greater now, because AI gives hackers new avenues into organizations,” he says. 

Part of the challenge with ransomware is that paying hackers off, even if they’re demanding millions, is often the quickest and least disruptive option to resolve the attack. And since most companies now carry cybersecurity insurance, that’s what many do. Through the first half of this year, companies have made $449 million in ransomware payments, putting 2023 on a pace to potentially exceed the record of $940 million set in 2021. According to statistics, roughly 70% of organizations experience a ransomware attack each year.

But money, of course, helps fund future attacks by ransomware groups, says Sue Ribot, Global Cybersecurity practice leader at Korn Ferry. “It’s a vicious cycle,” she says. International information-sharing efforts are underway to help curtail the funding routes of ransomware groups. While such large-scale efforts can be helpful, the reality is that many ransomware attacks occur because of an error by an employee, vendor, or partner who inadvertently opens a side door into a network. 

Yet, despite leaders ranking cybersecurity as their top concern in a recent survey, companies are cutting back on investing in protection amid the economic slowdown. Cybersecurity budgets only grew 6% between 2022 and 2023, a drop of 65% from the 2021-2022 budget cycle. “Now is not the time to be pulling back on funding for cybersecurity,” says Ribot. 

To be sure, Ribot says she’s heard many chief security officers (CSOs) complain of not having money to make the investments or hires necessary to effectively do their jobs. And information technology and security departments aren’t immune to the layoffs hitting many industries. 

One developing trend, Stephenson says, is the convergence of cybersecurity with other security functions, such as risk management, to give CSOs visibility into all aspects of the organization. Boards are also forming cybersecurity-specific committees and adopting governance procedures and processes around data privacy. In addition, companies are working more with threat-prevention firms and ransomware-negotiation specialists like Arete IR and CrowdStrike. “You are never going to prevent a cyberattack,” says Stephenson, “but the goal is to reduce the risk as much as possible.”

Listen to the Briefings Podcast episode, “Your Money or Your Data.”

Learn more about Korn Ferry’s Organization Strategy capabilities.

Read more This Week in Leadership articles