Cyber resilience combines data security and protection

According to Alexander Applegate of cyber security firm ZeroFox, “triple ransom” or “quadruple ransom” attacks, which include distributed denial of service (DDoS) attacks or threats to third parties, are also now part of the modern risk landscape.

Meanwhile, attempted attacks have also become so prevalent that they can be virtually guaranteed. According to a 2022 Sophos survey, 66% of companies experienced a ransomware attack last year, nearly double the 2020 figure. 79% of organizations have been impacted in the past year, according to the Enterprise Strategy Group’s (ESG) 2022 report.

ESG practice director and senior analyst Christophe Bertrand adds a troubling note: “I question the 21% who say they have not experienced an attack, because I think the ransomware virus is probably dormant in their system.”

Ransomware attacks have become more intense

Ransomware threats have become more damaging in several dimensions: attacks are increasing, cybercriminals are demanding higher ransoms, successful intrusions are compromising multiple data streams, and attacks are spreading beyond IT systems to critical infrastructure essential to business operations.

A 2022 Sophos report identified a new trend: the franchise business model (“ransomware-as-a-service”), in which gangs sell ransomware kits to other cybercriminals, who carry out the attacks and then return a portion of the proceeds to the gang. “When ransomware started, it was a small business picking on unsophisticated users who might pay a couple of hundred dollars to get their data back,” says Hu Yoshida, chief technology officer at Hitachi Vantara. “But now the game has changed dramatically.”

The utility industry has become a tempting target, as disruptions to power, water or critical infrastructure can be harmful to people. The 2021 ransomware attack on the Colonial Pipeline, for example, caused gas shortages in the northeastern United States. And although Colonial Pipeline paid a $4.4 million ransom, the decryption tool provided by the hackers proved so ineffective that the company gradually ended up using its own business continuity system to get back up and running.

Governments and public services have also become ransomware targets. A US Senate committee report cited more than 2,300 known ransomware attacks against local governments, schools and healthcare providers in the US in 2021. In April and May 2022, a series of ransomware attacks crippled dozens of Costa Rican government agencies, including the finance ministry and the social security system, prompting the President to declare a national emergency.


This content is produced by Insights, the custom content arm of MIT Technology Review. It is not written by the editorial staff of MIT Technology Review.
