Cybercriminals of the 2020s are like the bank robbers of the 1930s. Today’s more shadowy dark web counterparts of notorious bank robber Willie Sutton steal information, ransom businesses, and hijack personal information because, in Sutton’s words, “…that’s where the money is.”
Sutton earned his nickname “Slick Willie” because of his genteel and polite demeanor during robberies. His modern-day cohorts rely on subterfuge, secrecy, and tactics ranging from dark web data hijacking to trickery and phishing schemes. They are impossible to locate, cannot be extradited, and frequently operate under the protection of foreign governments.
2021 was a “good” year for the crooks
The Identity Theft Resource Center reports that as of the beginning of the third quarter of 2021, 1,291 companies reported data breaches affecting over 281 million victims—up 17% from 2020. The operative word here is “reported”, because according to ZDNet, “an entrenched lack of transparency around the disclosure of security incidents continues to persist — and so this may be a low-ball estimation.”
Nevertheless, the average cost of a data breach far exceeds what Willie Sutton and his gang could have reaped—about $4 million. Ransomware demands against U.S. companies have also reached an epidemic average of well past $6 million—with one record payout by an insurance company at $40 million.
So, 2021 was a good year for cybercriminals, proving that cybercrime is here to stay and, if anything, will intensify. Accordingly, in 2021, a cyberattack occurred every 39 seconds.
2022 promises to get worse. The upward trajectory is in a target-rich cybercrime environment where small- to medium-sized businesses are as vulnerable as high-profile corporations. In fact, cyber-attacks can be piggy-backed on many of those smaller targets for backdoor exploitation of bigger fish.
RaaS is booming
The growing sophistication of ransomware attackers over the past few years has spawned a cottage industry for so-called “Ransomware as a Service” (RaaS). Hackers penetrate their targets, while the franchising service provides the tools and collection methods for a percentage of the take.
Access to unbreakable encryption tools and a proven record of success could likely recruit even more malware attackers. Organizations that would rather pay than face prolonged shutdowns or have their proprietary information sold to the highest bidder will likewise continue to pay up even with no guarantee that their data will be safe.
It should come as no surprise, then, that RaaS and the difficulty of tracking and jailing hackers are both indicators that the ransomware business model will flourish in 2022. One senior product marketing manager made the alarming prognosis that “we will see a growth in the ransomware-as-a-service market… Whether you are a small business or large enterprise, at some point, you will be targeted by a ransomware attack…”
The Pandemic Brought New Vulnerabilities
As many workers were sent to their home offices during the pandemic, many also decided to participate in the so-called “great resignation.” They are pursuing new opportunities, and this worker exodus has brought its own set of security vulnerabilities.
Staff turnover means gaps or weaknesses in security protocols and awareness. Human engineering, which exploits a person’s natural curiosity and eagerness to please, is fertile ground for phishing and for planting malware on the company’s systems and servers. Social engineering, then, can bypass even the strongest firewalls.
A new approach to security is needed
The rise of hybrid working and continued innovation from threat actors means 2022 has plenty of nasty surprises in store. As a result, a fresh approach to secure the future of work is required.
Cybersecurity leaders should focus on protection where it is needed most: the endpoint. Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of zero trust — least privilege access, isolation, mandatory access control, and strong identity management. Also, the foundation of data security is to back up everything and back up your backups.
What can you do to protect your business? Working with Grapevine MSP is a great place to start. With the help of strategic IT consulting services, proactive security, data compliance, and cost-effective solutions, Grapevine MSP can keep your business on track to grow and stay safe amid the ever-growing range of online threats.
If you have questions and would like to hear from one of our cyber security experts, send us a message or give us a call. We are here to help you!