It seems like every day we hear more and more news of new security incidents happening all around the world. In today's world it is just an everyday occurrence. Some are in the form of data disclosures, such as the recent Capital One breach, while others are in the form of malware, such as Ransomware attacks. In this article we are going to focus on malware, and more specifically Ransomware.
Rise In Threat Activity
Recent High Profile Attacks
In the past year there have been several attacks against large municipalities. A few examples are listed below.
According to a recent report by Malwarebytes, there has been a 363% year-over-year increase in Ransomware attacks. These attacks are not only targeting businesses but municipalities such as local governments and school systems. Based on research performed by Trend Micro there were over 40 million attacks just in the first 4 months of 2019! To put this in perspective there were a total of around 55 million attacks for all of 2018. That puts us on pace for twice as many attacks in 2019.
What do these numbers mean for your organization? From small organizations to large organizations, public or private, everyone could be a target.
Attacks may start from a variety of methods but one of the most common methods is via Phishing email. Other attacks may exploit bad passwords and spread through unpatched systems. Attackers use this access to steal credentials, add additional user accounts, escalate privileges, and install additional software. These attacks can take months to surface and once the attacker is satisfied that they have learned as much as they can and stolen as much data as possible, they activate the Ransomware.
Why are we so vulnerable?
27% of employees are prone to click phishing emails. Source: 2018 Phishing By Industry Benchmarking Report
93% of data breaches are linked to phishing or other social engineering attacks. Source: 2018 Verizon Data Breach Investigations Report (DBIR)
Ransomware accounts for 24% of malware-related incidents. Source: 2019 Verizon Data Breach Investigations Report (DBIR)
81% of hacking-related breaches leveraged either stolen and/or weak passwords. Source: 2017 Verizon Data Breach Investigations Report (DBIR)
CyberSecurity Ventures, a cyber security magazine, projects that the global loss due to ransomware activity will reach $11.5 billion by the end of 2019. Most of this cost does not come from the ransom itself. Most are incurred through other factors, which must be completed regardless of whether or not you pay the ransom!
Cost To An Organization
Damage, destruction, and loss of data or systems
Lost profits caused by downtime
Post-attack recovery costs to return systems to normal
Expenses for forensic investigation
Investment into new security measures
Lost business caused by the damage to your reputation
Source: Acronis Blog: The Cost of Ransomware: It Isn’t Just About the Ransom Paid
How can BrookeLane Technologies help improve your organizations security posture? There are many tools to help protect against today's cyber threats. The first step toward improving your security posture is to evaluate your current program and your environment. This data can then be used to identify gaps in your security program and prioritize remediation efforts to address the greatest threats.
Even if you think you have a good security program and good tools, without proper configuration these controls can be bypassed with ease. Imagine a steel door with the best lock you can buy. If this door is attached to a flimsy wood frame or if the code to the lock is 1111, then it is basically useless.
Contact us today to schedule your no cost security consultation.
Phone: (256) 369-9980
Email: info@brookelanetech.com
