Ransomware and phishing can cost businesses millions of dollars and cause potentially tremendous long-term losses by damaging reputation and brand authenticity.
A few years ago, ransomware criminals used a ‘spray and pray’ approach, distributing their wares through phishing attacks to anyone whose email address they came across. Ransomware usually locks up a victim’s data, which could be family photographs or something as sensitive as business documents. Those days may be far behind us, but unfortunately the world of cyber-security risks has become even more complicated and dangerous.
CISOs and security leaders can avoid big losses by planning for ransomware and phishing attacks before they occur. Ransomware operations have become increasingly strategic. Groups like REvil (also known as Sodinokibi) and Netwalker create extremely sophisticated malware and later grant affiliate groups access to that code. These affiliates seek out and infect possible victims using complicated methods.
When engaging their victims, ransomware affiliates use the type of attack chains conventionally associated with advanced persistent threat (APT) groups. These include reconnaissance to understand their targets better, followed by malware attacks meticulously designed to strike the target’s weaknesses. This precision has produced a marked acceleration in the size and volume of ransom pay-outs, as businesses are left with no choice but to pay for lost data.
Tracing the Huge Cost of Ransomware
In some instances, the data encrypted by ransomware is extremely critical to operations. Even when organizations are able to retrieve their data, the entire process can cost millions in lost business, consulting charges, and legal expenses.
Phishing is also a big threat, especially for board-level executives. The C-suite is a perfect target for the phishing attacks that usually carry ransomware.
According to research conducted by MobileIron, almost two-thirds (60%) of IT decision-makers admit that C-suite executives are the people in the organization most likely to be targeted by a malicious attack. That number increased to 78% in the case of phishing attacks.
Safeguarding the C-Suite
Ransomware business models are now expanding into another, even more profitable area: double extortion. Ransomware criminals are no longer satisfied with simply encrypting data; they now exfiltrate it first. They hide in the infected systems for some time, moving laterally and stealing sensitive files. Holding a copy of the data gives them a second chance to monetize it: even if a victim is able to reclaim the encrypted files, the criminals threaten to publish the data if the company does not pay the ransom that is demanded.
The C-suite’s inclination to request moderate security controls makes them especially exposed to phishing attacks. These executives also formulate strategies, set direction and make the most crucial decisions. This makes their data more sensitive and thus more valuable to attackers.
For these reasons, businesses must now intensify their focus on C-suite security. A comprehensive approach to security should always contain a data back-up plan. It should also emphasize awareness amongst senior executives, an extensive risk analysis, and a focus on process controls. These steps will help ensure that board-level executives do not become easy targets for threat actors.