Numerous stats in this post and infographic were provided courtesy of Cybersecurity Ventures.
MonsterCloud Cyber Security has just released a horrifying report – the headline numbers say it all. By 2021, there will be a ransomware attack every 11 seconds and 70% of people paying ransoms are NOT getting their data back!
In addition, phishing emails are a major way to transmit ransomware – still but hackers are using social and other methods as well.
Worst of all, since 2018 only 12 individuals have been indicted for perpetrating ransomware attacks – which you can imagine doesn’t make a dent on the problem.
Most recently we shared ten hospitals were hit with ransomware – all at once. this happened after the research from MonsterCloud was released!
In other news we’ve covered, the FBI just released a ransomware report, the DHS has released a report explaining VPNs have been hacked and the New York State Attorney general is getting very aggressive in suing and fining companies who have breaches. If they aren’t following their internal cybersecurity policies or do not disclose properly, any company doing business in New York could be at risk. the New York Shield Act goes into effect in a few weeks and increases restrictions and penalties for companies with data on New York residents. New fines will be as high as $250,000!
Check out the exclusive infographic for more.
How your organization can stay safe:
1) Determine if you are in possession of private information for New York residents, even if you are not conducting business in New York. This may be the opportunity to assess whether you need to retain this information for ongoing business purposes.
2) Ensure that you have administrative, technical, and physical safeguards in place that comply with the requirements of the SHIELD Act.
3) Develop, or revisit, internal policies for how the company will identify and respond to a data breach. Ensure that your employees understand the policies and that they are properly implemented.
4) This is a good time to re-evaluate corporate cybersecurity – new attacks are launched constantly against organizations. We reported recently that a new IRS scam warning has been disseminated by the IRS – warning people to be careful not to click on emails from the organization as they are likely malicious messages disguised to look like they emanated from the agency.
5) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
6) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360; are all great.
7) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.
