According to the Ponemon Institute’s 2016 Cybersecurity Trends Report, 66 percent of business and technology professionals surveyed identified phishing and social engineering as top threats. This shouldn’t be surprising, as phishing and social engineering are primary sources of malware infiltration such as ransomware.
According to the recently released 2016 H2 Global Threat Intelligence Trends report from global network cybersecurity vendor Check Point, ransomware attacks almost doubled in the second half of 2016 alone, with thousands of new ransomware variants. Clearly, the rapid and constant evolution of ransomware requires that businesses and enterprises move away from asking, “How does ransomware work today?” to “How will ransomware work tomorrow?”
Last year, government agencies and businesses in the United States suffered losses from 1,093 reported data breaches. That number is likely higher due to the fact that these attacks are rarely spotted for months after the initial attack takes place. As Eva Casey Velasquez, chief executive officer of the Identity Theft Resource Center puts it, “this [number] is the best-case scenario.”
It goes by names like WannaCry, Locky, and CryptoLocker, and if the computers in your workplace were infected with one of these, or the many other variants of ransomware, you would know almost immediately. It generally starts with an email that asks you to download and open an attachment or enable macros on a document. Once you comply, the malware starts running in the background and encrypting all of your files using asymmetric encryption so that you cannot open and view them without the decryption key. Of course, that key is only made available to you once you pay the hacker the ransom; details for payment are made available to you via the new background the malware has set up on your computer.
While most everyone in the digital era is aware of malware, this term covers a number of different threats, but the one attack method that is leading the pack today is ransomware. Ransomware attacks quadrupled in 2016 and will double again in 2017, according to a report issued by Beazley, a provider of data breach response insurance. It’s now the most profitable type of malware attack in history.
According to the Business Continuity Institute’s 2017 Horizon Scan Report, cyber attacks and data breaches are the top two threats facing businesses. As these threats continue to evolve, becoming increasingly more complicated and sophisticated, organizations must proactively manage their IT services in order to protect their business, clients, and data. We’ve written about three innovative technologies that can help protect you against the ever-evolving threat of cyber crime.
When it was passed in 2010, Jones Day called the Standards for the Protection of Personal Information of Residents of the Commonwealth (of Massachusetts) “the most comprehensive data protection and privacy law in the United States.” The law, known as 201 CMR 17.00, was created to protect Commonwealth residents against identity theft and fraud. It requires any companies or persons who store or use personal information about a Massachusetts resident to develop a written, regularly audited plan to protect personal information. This applies to both paper and electronic records.
Gone are the days when antivirus software was enough to protect digital assets against IT security risks. Today, you need more effective defenses against the large majority of malware, zero-day, and other threats that are out there. But with a limited budget and/or in-house (cybersecurity) talent, it’s not always easy to determine which security solutions should be given top priority.
If you look at the headlines on any given day, you are going to see at least one news story about a data breach, ransomware, or other computer-related crime. It’s hard for companies to get a handle on their security and risk management because the threat landscape is always changing. From zero-day exploits to state-sponsored attacks, it seems like the deck is stacked in favor of the attacker.
Virtual networks and infrastructure differ in many ways from their physical counterparts. Increased flexibility, ease of provisioning and lower cost are some of the attributes that make virtualization a practical choice for many types of businesses. A virtual infrastructure requires a shift in thinking, though, especially when it comes to network security.
