Forget the Big, Bad, Lone Wolf. Meet the New Cyber Threats.
Articles by: Richey May, Oct 11, 2021
Forget the big, bad, lone wolf. Now that 2021’s Cybersecurity Awareness Month has begun, we have bigger, more sinister cyber threats to fear.
Ransomware, for one, is still on the rise. According to Fortinet’s 2021 Global State of Ransomware Report, two-thirds of all organizations have suffered at least one ransomware attack. Is it any wonder most organizations place ransomware attacks at the top of their cyber threat lists?
It’s not just the rate of attacks that’s so concerning. Threats like ransomware are also becoming more sophisticated.
Big, Bad Threat 1: Ransomware as a Service
The lone wolf threat actors are still out there, of course. But now they’re giving way to malicious, often state-sponsored groups that are fine-tuning services like Ransomware as a Service (RaaS) for hire. Groups like the Russian hacker organization DarkSide are raking in $90MM a year with this model. As long as there are victim organizations willing to pay ransoms, this trend will continue.
Big, Bad Threat 2: Social Engineering
Also worth noting is the prevalence of social engineering as an incredibly effective, and extremely popular, attack vector. It’s potent because it runs the full gamut of attack types, from malware infection to physical breaches. Considering 85% of breaches involve a human element, it’s no surprise social engineering makes up roughly 35% of all breaches, according to the Verizon 2021 Data Breach Investigations Report.
Your Best Defense: User Awareness Training
While a strategy of defense in depth is still a recommended approach to securing your organization’s infrastructure, it’s not foolproof. In fact, those layers can all be circumvented with techniques that don’t require a keyboard.
That’s why, when assessing risk to the enterprise, security professionals always look at user awareness training as a topic of interest, and an opportune area for improvement.
As hackers hone their skills, cybersecurity needs to focus on the weakest link: the human element. When a single email or a quick phone call can take down the production databases or grant a malicious actor unfettered access to confidential data, it’s the human sitting at the network perimeter that needs your attention.
The majority of organizations are actively preparing for a ransomware attack, including investing in employee cyber training, risk assessment plans, and cybersecurity insurance.