As IBM reports an ‘explosion in ransomware’ attacks in the second quarter of 2020, companies must continue to be proactive in their defence, according to an IT consultancy.
The IBM Security X-Force Incident Team has reported that there has been an explosion in ransomware attacks in the second quarter of 2020. Nearly a quarter of all attacks were targeted at the manufacturing sector with professional services experiencing 17 percent of attacks.
During the global pandemic some companies have been, in many cases, at their most vulnerable, as employees work outside of the corporate network and without usual checks associated with IT security. Not only are criminals targeting companies during as before the pandemic, they are also updating their tools and techniques, with attacks becoming increasingly sophisticated.
Another trend is criminals gaining access to infrastructure but not attacking immediately, rather biding their time and looking into where the most valuable data lies, before launching the ransomware attack.
By combining ransomware attacks with data theft and extortion techniques criminals are further upping their game. Instead of taking control of the entire infrastructure and forcing companies to pay to get it back, they are now taking sets of particularly sensitive data before encrypting them. If the victims decline to pay for a decryption key, the attackers threaten to release the stolen data publicly. However, despite the increased sophistication of the attacks and their ever-changing methods companies can still hold the upper hand according to Tom Moore, Director at Acronyms.
He says: “It is perhaps unsurprising that there has been such an increase in the number of ransomware attacks during the second quarter of this year with criminals taking advantage of the global pandemic. As the attacks continue to increase in sophistication, it is crucial that companies do not sit passively behind outdated defences, but rather ensure that they are proactive in their defence.
“The weakest point in most companies’ defences, particularly in the current climate, are employees. Ensuring that they are trained and fully aware of what the latest threats look like helps to close the gap. Also undertaking regular security assessments that allow companies to understand the risks and how to protect against them is key. These levels of proactivity will help counter the ever-evolving threat from cyber-criminals.
“Many firms are now turning to trusted consultancies to help take some of the burden away from IT teams or in the cases of some SMEs, to act as the IT team themselves. This managed service approach can give companies peace of mind that they remain secure and in-line with regulations 24/7.”
See also the Acronyms blog.
