New data from New Zealand security firm Emsisoft shows that more organizations are being successfully being attacked and held for ransom, putting operations at risk.
I recently wrote about how ransoms have more than doubled in the last quarter alone. There’s apparently more bad news to add fuel to the ransomware fire – the number of attacks is growing substantially. According to new data provided to the New York Times by Emsisoft, the number of organizations submitting files encrypted by new ransomware attacks has jumped from approximately 147K to over 205K – a 41 percent increase in just one year!
This isn’t good news for organizations; ransomware attacks are just the tip of the cyberattack iceberg, with attackers leveraging other attack methods including extortion, data theft, lateral movement, island hopping, and selling achieved access.
If you haven’t been paying attention to ransomware, now is most definitely the time; think about it – more organizations are successfully being hit, ransom demands have increased, and attackers are taking additional precautions to ensure they make money off of you.
Ransomware is no longer a question of how to recover, but how to prevent.
In my experience, bad guys tend to take the easiest routes – and that means using spear phishing attacks to gain entrance into corporate networks. Security solutions intent on detecting and blocking email-based attacks have been shown to only stop some – but not all – of these kinds of attacks.
Users MUST become a part of your organization’s security strategy. In fact, they represent both your last and best line of defense – that is, if properly educated through Security Awareness Training. Proper training gives users the same innate ability to weed out suspicious emails (just like you IT folks) before they click on anything malicious.
We no longer can afford to believe that software alone will address the problem. It’s time to put security into the hands of your users.