- Ransomware targets SMBs
- Cloud invites security concerns
- Ecommerce fraud is on the rise.
Know someone who should be getting the Situation Report in their inbox? Just forward this email and they can subscribe by scrolling to the bottom of www.blokworx.com.
This monthly newsletter is designed to arm SMBs, C-Suite, and MSPs with top insights and trends shaping the cybersecurity landscape in order to protect your business.
Wishing you and your families Happy Holidays and a wonderful New Year!
#1: Ransomware gets more effective and expensive for SMBs
- Among 56% of organizations surveyed that were hit by ransomware, 27% were forced to pay an average ransom to the tune of a crippling $1.1M. The top attack vectors and culprits? Commercial VPN software, phishing attacks, and compromised Windows applications.
- Every 11 seconds, hackers attempt to infiltrate a business. Along with disruption caused by the pandemic, bad actors are now leveraging more targeted approaches, further enabled by ransomware-as-a-service (RaaS). By 2021, the damage incurred by small businesses and enterprises is predicted to reach $20B.
Insight:
Although ransomware attacks will continue to evolve, threatening SMBs with financial loss, reputational damage, and severe lawsuits, they are also entirely avoidable. Through preventive cybersecurity, you can protect your clients’ business assets from edge to endpoint, securing VPN vulnerabilities and monitoring for initial indicators of compromise before they result in catastrophic events with costly consequences.
#2: CISOs worry about work-from-home vulnerabilities
- It’s no secret that moving to the cloud offers benefits of scale. However, it also invites vulnerabilities across email, storage, real-time collaboration, and other use cases. Working from home is the new reality for most employees, but a distributed workforce comes with greater attack surfaces to cover and requires advanced monitoring.
- Take, for instance, the popular faith app Pray.com that unwittingly exposed personal data for up to 10M users due to a cloud misconfiguration. Aside from unwanted public scrutiny, the company could catch the eye of CCPA or GDPR regulators.
Insight:
The average US company uses 16 cloud services, and digital transformation has caused a perfect storm for cybercriminals to exploit. With a patchwork of devices and systems to manage, a unified front is the only way of stopping threats in their tracks. Prevention beats recovery any day of the week.
#3: Ecommerce fraud grows in volume and sophistication
- The recent explosion in digital commerce and online traffic is fueling a new generation of fraud, powered by AI. Bot attacks and credential stuffing remain prevalent, but cybercrime is picking up in its sophistication and prosperity. Akin to jewelry thieves, hackers are now outsourcing their jobs by weaponizing algorithms to escape the “cat and mouse” game and hide in plain sight.
- At the end of the day, cybercriminals are relentless, motivated by the prospects of stealing anyone’s money or data. They only must get it right once, whereas security teams have to get it right every time. That’s why the need for advanced technology combined with security expertise has never been greater than ever before.
Insight:
No one should have to stand against the onslaught of cyber threats alone. Especially when you’re focused on doing what you do best, creating value for your customers and growing your business. There’s just too much to keep up with, and we’ve seen what happens when security gets spread too thin. By the time you’re recovering from a backup after a security incident, it’s too late. Brand reputation and trust erodes, driving down sales and customer loyalty. The good news is, we have a solution.
In Other News…
- 11/20: Faith app Pray.com compromises 10M users through cloud misconfiguration;
- 11/20: Mitsubishi Electric again falls victim to cyberattack;
- 11/19: Oregon County website goes down as a result of Managed.com’s ransomware attack;
- 11/18: Data breach at Mercy Hospital in Iowa City exposes 60K medical records;
- 11/18: Cold storage and biotech companies Americold and Miltenyi are hacked;
- 11/18: Liquid cryptocurrency exchange discloses security breach;
- 11/17: Used electronics retailer in the US exposes over 2.6M files;
- 11/16: Ransomware attack forces web hosting provider Managed.com to take servers offline;
- 11/13: Credential stuffing attack hits The North Face.
