Cyberattacks keep increasing, but are we doing enough to stop them?
Ransomware attacks increased by 118% in 2019. How do we stop them? It starts with corporate awareness and placing a higher value on cybersecurity.
In 2018, reported ransomware attacks decreased dramatically. By 2019, however, that trend reversed and ransomware attacks increased sharply. According to McAfee Labs, in the first quarter of 2019, ransomware attacks grew by 118%. City governments, hospitals, and schools have been the most notable targets for malware threats, but businesses—from small to large—have not gone unscathed.
With the rapid increase in ransomware attacks, we are faced with a difficult question: are we taking this threat seriously enough? And if not, what more can we do to protect our personal, corporate, and government data?
The Increasing Cost of Ransomware
Ransomware is a type of malicious software that infiltrates a network, device, or server and holds data hostage until a ransom—typically requested in Bitcoin—is paid. This threat is so prevalent that corporations have resorted to purchasing cybersecurity insurance in the event that an attack requires either a large ransom payout or data recovery.
After a ransomware attack on Lake City, FL, the city paid nearly $460,000 in ransom in hopes of receiving the decryption key and recovering its data quickly. Baltimore, also the victim of a cyberattack, opted not to pay the ransom and has spent millions recovering its data. The FBI strongly encourages organizations to avoid paying a ransom. Payment lets cybercriminals know that their methods are working, and it does not always result in data recovery.
Placing Value on Cybersecurity
Part of the dilemma faced by many organizations isn't a lack of resources to make their networks secure; it is a lack of awareness of cybersecurity and of the value placed on it.
According to Mimecast's 2018 State of Email Security report, we're failing at cybersecurity only because we aren't paying attention to the problem. Many ransomware attacks occur because a target clicked on a link in a phishing email. Our lack of training and awareness, and the low value we place on cybersecurity, puts companies, cities, and healthcare systems at major risk. And that awareness needs to start at the top.
In fact, 40% of IT departments felt that the weakest link in their cybersecurity was their CEO. When executives don't place a priority on security, that same approach filters down into the corporation. A top-down system for following through on security measures, however, encourages the rest of the organization to be diligent in managing devices, monitoring public network use, and understanding how to avoid phishing schemes.
A More Serious Approach to Security
How do we improve our cybersecurity and decrease our risk of being infiltrated by ransomware? The best approach is multifaceted:
- Treat security teams as essential to the organization
- Pursue understanding at the executive level
- Provide training for employees at every level of the organization
Cybersecurity teams are trained to monitor every device, network, and backup, ensure patches are in place, and keep every piece of technology up to date. They are an important part of any company. However, their work can be undermined when employees and executives are not trained to recognize and clearly understand cyber threats.
Ransomware and other cyberattack methods are a serious issue in today's world. When the issues of cybersecurity within businesses, governments, healthcare systems, and schools are avoided, undervalued, or overlooked, the risks and costs of falling victim to ransomware are high. The role of cybersecurity goes beyond the IT services department, and it is a role we must learn to take more seriously.