Hackers do not always give you an instant jump scare; they often remain hidden in the shadows. According to the Cost of a Data Breach Report 2021, it takes an average of 287 days to identify and contain a data breach.
A prime example of a hacker lurking unnoticed would be the SolarWinds ransomware attack. The IT and software management company that provides services to businesses and government agencies had a bad actor enter their IT infrastructure in September 2019 and went undiscovered until December 2020. Within the next year, more details were released about the situation. In January 2021, SolarWinds stated they would prioritize cybersecurity in the coming year, and they hired former Facebook and CISA security experts as consultants.
Ransomware is a form of malware (software intentionally designed to cause damage to a computer, server, client, or computer network) that encrypts a victim’s files, and an attacker demands ransom from the victim in order to regain access to their data. According to The State of Ransomware 2021 report , the average cost of ransomware recovery is $1.85 million.
“[Ransomware has] really changed the face of cybersecurity over the last couple years,” Director of Cyber Security Operations Christopher Houseknecht said. “We see it all the time in the news.”
Research from the Cybersecurity and Infrastructure Security Agency (CISA) found that hackers will most commonly execute ransomware attacks through email phishing, Remote Desk Protocol (RDP) vulnerabilities, and software vulnerabilities. Email phishing is when an attacker tricks a user into revealing confidential information using false pretenses, often disguised as being from a person or business the receiver is familiar with. But underneath that familiar face is a cybercriminal waiting to steal your precious personal information.
According to the 2021 Business Email Compromise Report, the most common display names are company name (68%), individual’s name (66%), and a boss or manager’s name (53%). According CSO magazine, more than 80% of cyberattacks involve phishing.
“I received an email from ‘Emil Sayegh’, the CEO of Ntirety, asking me to buy him gift cards.”
No one is safe from these attacks. Just a few weeks after being hired, Ntirety Marketing Specialist Kori Ortiz almost fell victim to a phishing scam , but fortunately had the cybersecurity instincts to question the messages.
“I received an email from ‘Emil Sayegh’, the CEO of Ntirety, asking me to buy him gift cards,” Ortiz said. “I was confused as to why he would ask me this; which was the first red flag. Always trust your gut. If something feels like it’s not right, then it probably isn’t.”
In 2020, a record 86% of organizations were hit by a successful cyberattack, as stated in the 2021 Cyberthreat Defense Report. This is an alarmingly high percentage of people who have had their data snatched from them. There’s no trick here – we must all do our part to protect data. Everyday best practices are the first step, including not sharing passwords, creating strong passwords, and using caution when opening unfamiliar emails and links.
Cybercriminals are always disguising themselves to fool users into thinking they are safe to go about their usual business. With better caution and the help of cybersecurity professionals, these cybercriminals will receive more tricks than treats.
Our Cybersecurity Playbook explains the Five Aspects of Compliant Cybersecurity and gives you a chance to test your business’s cybersecurity posture against these five core components. Download it today and schedule an assessment with us today to learn more about ways that you can prevent potential threats.