A successful ransomware attack is estimated to hit an organisation every 11 seconds globally, with collective damages set to hit over £15 billion by the end of 2020.
As we have discussed many times in recent posts on our blog, phishing and ransomware attacks have increased exponentially in frequency since the start of the pandemic, with ransomware attacks amounting to over 41% of all cyber insurance claims in 2020.
Over the last year, many thousands of organisations have been targeted by ransomware attacks, forcing them to stump up large sums of capital to regain access to their essential files. A striking 25% increase in ransomware attacks has been observed since the start of the pandemic; a kick in the teeth for organisations all over the globe that were already on their knees.
For many organisations, these attacks are simply not recoverable.
Bad actors have started to target larger, more established organisations in the hope of receiving larger payments from them. Recent examples include the attacks on fitness technology giant Garmin, Canon cameras, and the University of Utah.
The payout from insurance companies for ransomware attacks varied enormously, from £764 to over £1.5 million for each incident. Nevertheless, no matter the size of the organisation, these sorts of attacks can be crippling.
The attack vector most favoured by social engineers is phishing. This is often how ransomware payloads are delivered, and phishing attacks have seen a marked increase in frequency this year.
Business email compromise (BEC) attacks in particular increased in frequency by an astonishing 67% compared to 2019, a very worrying statistic.
BEC emails impersonate somebody within the organisation, usually of higher rank. The victim then assumes the email is authentic, due to the simple wording and often brief or urgent nature of the message, and trusts the contents or instructions within.
If links within the email are clicked, this opens the gates to myriad problems, for example granting social engineers access to previously secure files that belong to the organisation. This is where huge damage potential exists.
The reason that this increase of 67% is so worrying is that these scams are so easy to fall for. A study by the Better Business Bureau (BBB.org), summarised by the Association of Certified Fraud Examiners (ACFE), found that:
“Before training, employees are 30% likely to click on a malicious link contained within a BEC email. After training, only 2% are likely to click on a link.”
Ryan Gregory – CFE AML Support Specialist, Umpqua Bank
This once again goes to show just how vital, effective and efficient cyber security training can be, and we at PhishingTackle.com are honoured to support our customers through this period of intense pressure.
Could everyone in your organisation help to stop a devastating ransomware attack by spotting that initial phishing email? Find out in our Free Click-Prone® Test now.