2021 was a year filled with headlines depicting an influx in ransomware attacks on targets like Kronos, disrupting businesses both large and small.
According to cybersecurity thought leader Black Kite, the reported number of compromising events increased by 17% in 2021, making it a record-breaking year. And as we enter 2022, the risk of cyber attack continues to increase exponentially.
The Imminent Threat of Ransomware
Over the past few years, we’ve seen ransomware operators evolve from individuals and disorganized splinter groups to highly sophisticated organizations that collaborate with nation states. These groups target everything from SMBs, to heavy industry, to software supply chains, creating an extremely lucrative, franchise-like business model in the process. These ransomware attacks are no longer focused on selling stolen data. Instead, these attacks use malware to blackmail victim organizations.
How to Protect Yourself From Ransomware Attacks
Risk management strategies haven’t changed, with most methods of prevention having existed for nearly a decade. The good news is, if you can master the basics, you can go a long way in preventing a breach within your organization. And by adopting a modern mindset and understanding new ways cybercriminals work, you can increase your defense against these lucrative and immoral RaaS groups.
Here are some questions you, as a CISO, should be able to answer with regard to your company:
- Do we have a clear strategy for dealing with ransomware?
- Are we aware of the legal repercussions of a ransomware attack? Do we have a legal team in place to respond in the circumstance of a ransomware attack?
- Do we have the technical capacity/bandwidth to deal with a ransomware attack? Or, will we need outside support — and if so, where will we find it?
The Extensive Threat These Attacks Create
Kronos. Colonial Pipeline. JBS. Kaseya. These are only a handful of high-profile victims infected in 2021 by sinister-sounding groups such as DarkSide, REvil, and BlackMatter.
While the impact of RaaS groups is felt most by businesses, there has also been a damaging domino effect for the community. When enterprises are impacted, so is the livelihood of their employees and the ability of their customers to receive important goods and services.
The scope, quantity, and severity of ransomware attacks in 2022 will grow considerably, propagating new attack methods faster than ever before. Whether you are a small business or large enterprise, at some point, you will likely be targeted by a ransomware attack.
This year, remember that managing third-party risk matters. Employee security training matters. Regular maintenance and patching matters. While the biggest cyber threats of 2022 remain to be seen, mastering the basics will ensure that you’re not one of the biggest victims.