Significant Increase in Organized Ransomware
The Online Trust Alliance (OTA) released its 2016 Data Protection and Breach Readiness Guide this week, providing "prescriptive" advice to help enterprises optimize online privacy and security practices, as well as detect, contain and remediate the risk and impact of data loss incidents.
The OTA analyzed key cybersecurity and online privacy trends and found that cybercriminals are increasingly targeting businesses with ransomware - malicious software that prevents or limits users from accessing their computer systems, ultimately forcing victims to pay a ransom in order to get back access. OTA determined that recent ransom demands have shifted from "opportunistic" extortion to being "market-based," meaning cybercriminals are targeting businesses with more valuable data and varying how much they are trying to extort from those companies based on a variety of factors.
“Much like surge pricing for taxis, cybercriminals now target and calculate their ransomware pricing based on company size, market value and much more,” said Craig Spiezle, Executive Director and President of OTA. “Cyber-surge pricing of corporate data is becoming widespread, increasing the impact and costs for businesses and their employees worldwide.”
Perhaps the most disheartening data point from the report is that 91 percent of data breaches are easily avoidable. The OTA found 91 percent of data breaches that occurred from January to August of 2015 could have easily been prevented by, for example, patching a server, encrypting data or ensuring employees do not lose their laptops.
OTA also announced that when analyzing over a thousand breaches involving the loss of personally identifiable information (PII) in 2015, it found actual hacks accounted for 34 percent of all incidents, while 30 percent were caused by employees—accidentally or maliciously—due to a lack of internal controls. The balance of incidents can be primarily attributed to lost or stolen devices (7 percent) and social engineering/fraud (8 percent). Lost, stolen or misplaced documents accounted for 9 percent of all incidents.