It seems like businesses across all industries these days are navigating ransomware attacks: critical infrastructure companies, large retail companies, and government organizations as well. Large-scale attacks that cripple education systems, power plants, stores, and more command the headlines these days. If you think it can only happen to someone else, think again.
When it comes to ransomware attacks, the truth is, no one is entirely safe. But how vulnerable is your company, exactly? Many assume hackers aren't interested in enterprise-sized or small businesses, but that simply isn't the case. In fact, savvy cybercriminals know that smaller businesses often don't have the same robust protections in place, and many don't have an IT department to look out for them. That can make a business relatively easy picking for a cyberattacker. Last year, half of all ransomware attacks hit small businesses and more than half targeted companies with fewer than 100 staff. The threat landscape has also expanded during the pandemic, as hackers targeted companies that were suddenly forced into remote work, often without the right cyber protections in place.
Certain business sectors seem to attract this unwanted attention from bad actors more often than others. Knowing and understanding the true risk posed to your business is an essential step in making sure you are sufficiently protected from attack. Overall, ransomware gangs aren't very choosy. But if your organization has lots of data that might be valuable to the dark web and data markets, ransomware gangs might be particularly interested in you. You might be surprised to know that a recent study showed ransomware gangs were less interested in targets in government, education, and health care, because of the potential fallout. Attacks against those sectors are frequently originating from nation-state actors.
Businesses that handle certain kinds of valuable data seem most at risk. So your company might gain the attention of ransomware gangs if you handle lots of Personally-Identifying Information (PII), if you serve large companies, if you process or store payment information, if you access another company's data, if you work in the supply chain, with infrastructure, or if your company is suddenly in the spotlight for some reason. Ransomware gangs also know who's most vulnerable, so like a wild animal hunting its prey—they will target the weakest of the herd. That's why they are known to focus on industries that are under pressure, those without strong security, those that don't train staff on security awareness, and those which can't defend themselves in the event of a phishing attack.
So, what kind of data is then valuable to ransomware gangs? We can surmise this based on who is most commonly targeted and what types of data are taken. Here's a look at the types of data most frequently stolen in breaches in 2021.
Many industries fall within these parameters from a data access perspective or from a scope of work perspective. If your business is reflected in these sectors or data types, chances are ransomware gangs have your number.
All businesses of all sizes and in all sectors are at risk of a ransomware attack, but if your organization is reflected in the descriptions above, it's time to focus on network security. Make sure you are working with a network security partner who knows and understands the threat landscape, which is always evolving. Be sure to provide regular security awareness training to your employees—who are unknowingly a company's weakest link when it comes to cyberattacks. Want to know more about how Locknet® Managed IT can help make your network secure? Contact us and we'll get started shoring up your protection against ransomware, phishing, hacking, and other vulnerabilities in the digital space.