There is no doubt that 2020 was a tough year for everyone, and even more so for information security professionals. In fact, 2020 saw a higher increase in the rate of ransomware incidents than any other year. The onslaught of phishing scams, malware attacks, and breaches has unfortunately carried on into 2021, but there are plenty of ways to be proactive and efficiently reactive in those situations, which we will discuss at the end.
In 2020, a global pandemic forced almost all industries to shift their work environments to remote work. This sudden shift caused many unprepared companies (and "many" is an understatement) to unintentionally create vulnerabilities that threat actors could take advantage of. Additionally, a lack of security-awareness training resulted in accidental information breaches when employees clicked malicious links in emails. Those two factors combined contributed heavily to the enormous surge in ransomware and phishing incidents observed in 2020.
Here’s what Oli Thordarson, CEO of Alvaka, has to say about recent events in the cybersecurity world:
“We saw a tremendous increase in ransomware attacks that started during the pandemic and continues to occur daily. Companies were forced to adapt quickly to the new situation and that left a lot of vulnerabilities that threat actors took advantage of. Many employers and employees aren’t equipped with the necessary training to handle such a significant IT change, and it unfortunately catalyzed one of the largest ransomware and phishing trends we’ve seen.” – Oli Thordarson, CEO of Alvaka Networks
In the State of the Phish report, over half of the 75% of companies that responded stated they paid the ransom to retrieve their data. However, only 60% of that half actually got their data back, and the other 40% were hit with more ransom demands. Additionally, the report shows a sharp increase in phishing attempts throughout the U.S., making phishing attacks in the U.S. 30% higher when compared globally.
Organizations need to thoroughly plan their recovery methods well before a ransomware incident occurs, and paying a ransom should be discussed in detail before that decision is made.
“Paying a ransom should really be the last option on the table, and it’s all about weighing the risks and rewards. There have been countless cases we’ve seen where the victim pays the ransom and doesn’t receive their data back, and that usually happens when they don’t have a professional consultant – it’s terrible and unfortunate. Paying also gives the criminals a higher incentive to attack you again, which is why it’s important to lock your system down immediately after. It’s not a decision that should be made easily [ransom payment] and should be thoroughly discussed with professionals before doing so.” – Oli Thordarson
There are many ways to ensure your company is both proactive and efficiently reactive if you ever find yourself in a ransomware incident. A great first step is instituting proper security-awareness training. One survey found that of the 90% of companies that shifted to remote-work environments, only 29% provided their employees with adequate security training. Incidents such as phishing can be drastically reduced with an advanced email security service, such as Alvaka’s Mailworx service. Additionally, implementing security measures and protections such as MFA, software patching, disaster recovery plans, and backups can significantly decrease your chances of being attacked and improve recovery timeframes.