1,000+ SEC Filings Show Ransomware an On-Going Risk for Public Companies



As public companies seek to improve their cybersecurity posture, they also work to comply with SEC formal guidance to disclose cybersecurity risk, highlighting ransomware as a key factor.

Ransomware is now listed as a potential risk to business by many publicly traded companies in their annual reports, quarterly reports, special event filings, and registration forms filed with the US Securities and Exchange Commission. These filings help shareholders understand the potential for attack and the possible resulting material impacts that could be incurred, affecting share prices.

As we’re seeing ransomware evolve to include extortion, use Active Directory against you, and use stolen data to spearphish your business partners, the threat is most definitely not just a few machines rendered unusable and a pittance to be paid as a ransom. Today’s ransomware authors are going after publicly-traded companies, as they can get an average ransom of over $110K these days, and can threaten to tip off journalists should victim companies choose not to pay.

More than 1,000 documents filed with the SEC in 2019 listed ransomware, with another 700 doing so already in 2020.

Seeing ransomware listed as a risk factor in SEC filings demonstrates that companies are aware of the threat these attacks pose to the business and its profitability, and are, therefore, proactively listing it as a risk to fend off shareholder lawsuits for negligence.

Forrester sees ransomware as something that needs to be a part of your business continuity plan, and highlights the need for Security Awareness Training to improve employees' ability to defend against an attack by not engaging with it.

Publicly-traded companies are prime targets and, therefore, need to put effective precautions in place to stop ransomware attacks before they ever take hold. Putting a layered defense in place that includes utilizing your employees to spot and stop attacks is going to be the key.


Ransomware Has Gone Nuclear, How Can You Avoid Becoming The Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff.

After achieving root access, the bad guys explore your network, reading email and finding data troves. Once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, dives into:

  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense

Watch Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/nuclear-ransomware
