Ransomware is malware an attacker installs on a victim’s system via a phishing attack or infected website to lock or encrypt a victim’s data until they pay large sums of money.

Some ransomware variants could infect multiple systems at once and disable an organization’s operations for days, and sometimes even weeks.

Ransomware attacks have risen 13% since 2019, with an average cost of $1.85 million. There are $1.7 million ransomware attacks every day. Phishing and business email compromise make up the prime vectors for these attacks to succeed.

Email phishing is a social engineering technique that uses email to deceive end users into providing sensitive information, such as:

• Passwords
• Social Security numbers
• Payment card numbers

It’s also one of the main delivery methods of a ransomware attack.

A phishing email will typically use an attachment that looks trustworthy to carry the ransomware program; it infects the target’s computer when you open it and may spread to other systems.

Business email compromise is a specific corollary of phishing. It’s a heightened level of deception that involves impersonation, as the attacker uses artificial intelligence to create behavioral profiles of key executives and mimic email behavior.

An employee will receive an email that asks for sensitive information like a request to switch account numbers, or to move funds from one bank to another. However, the attacker will make the email look as though it came directly from a C-level executive, which is why these attacks have also become known as CEO fraud.

Ransomware is the most common type of cyberextortion. Cyberextortion occurs when cyber-criminals demand payment through the use of or threat of some form of malicious activity against a victim, such as data compromise or denial-of-service attack.

Victims of ransomware usually face demands to pay criminals in cryptocurrency. However, reports also exist of other currencies, gift cards, and ransoms of up to several thousand dollars, with some payments in the millions.

A ransomware attack places the organization’s data at high risk, as cyber-attackers will now exfiltrate the data and most attacks are now double extortion attacks. According to BlackFog, 89% of reported ransomware incidents in 2022 used data exfiltration.

The threat of leaking sensitive data to the public and to the Dark Web has become a ploy to threaten businesses with releasing potentially sensitive information.

Data Types Susceptible to Cybersecurity Threats

• Source code. Code that houses the building blocks of any proprietary software.
• Proprietary information and systems. Databases that include trade secrets, business strategies, product designs, and even operational procedures.
• Personal identifiable information (PII). Data that could identify a specific individual and can identify, contact, or locate a particular person on its own or with other information.
• Protected health information (PHI). Information about health status, provision of health care, or health care payments that can link to a specific individual.
• Customer lists. A data set that may contain PII, contact information, proprietary research, financial information, or competitive analysis. This data is usually intended for internal use only.

There’s much debate circling the central question of a ransomware attack; if you get hit, should you pay the ransom?

The US Department of Justice recommends not paying a ransom as it doesn’t guarantee you’ll be able to recover all of your data; some victims that paid a ransom were targeted again because they paid, and paying encourages more of this cybercriminal activity.

The FBI and the Cybersecurity & Infrastructure Security Agency (CISA) suggest ransomware victims notify law enforcement so they can track incidents and assist in future prosecution.

In the end, organizations have to weigh the costs and benefits of how much money they lose each day that attackers lock them out of their systems—and determine the risk and benefits of paying.

Hacking refers to activities that seek to compromise systems. Gaining access to IT systems from outside an organization is still a cybersecurity threat that requires organizations to prepare. Hacking gains access to sensitive data and exfiltrates that data for profit, or just for the thrill.

Hacking uses numerous methods to try and gain access to systems, including social engineering, tricking staff into revealing usernames and passwords, or exploitation of software vulnerabilities and misconfigurations.

If a hacker can’t get through the firewall protecting a target’s network infrastructure, then they’ll move on to the next easiest place, which is the network’s applications and systems.

With the move of infrastructure and applications into the cloud, the cloud-based configuration issues have become a prime target for attackers and cybercriminals. Most organizations will have cloud misconfigurations due to lenient access control, lax storage policies, or publicly exposed assets.

Hackers can also exploit another vulnerability: outdated or unpatched software. Software companies frequently release patches, which critically secure the application’s security vulnerabilities but can take time to install.

Zero-day vulnerabilities are those vulnerabilities that leave no time to fix them before they are exploited by an attacker. Sometimes these vulnerabilities are known to a vendor, but they don’t have a patch, or it can’t be patched. 

Although it’s difficult to hear, many cybersecurity breaches come from inside an organization.

Roughly one-third of data breaches reported last year emerged from an insider, contractor, or an employee. Insider threats are classified as malicious threats, unhappy workers, and accidental errors. According to the Gurucul 2023 Insider Threat Report, 74% of organizations say insider attacks have become more frequent and more than half have experienced an insider threat in the last year.   

Insider threats are more difficult to detect, and an employee can cause them intentionally or through negligence.