Smaller companies, remote work reveal cyber vulnerabilities
Ransomware demands increased nearly threefold during the past 12 months, while less sophisticated intrusion techniques were deployed.
Small and micro businesses are increasingly being targeted by cybercriminals, according to Coalition, Inc., which reported that 2021 has seen a 57% increase in the frequency of attacks against enterprises with fewer than 250 employees.
Additionally, small through midsized businesses (fewer than 1,000 employees) are more often impacted by and vulnerable to attacks, according to the cyber insurance and security provider, which noted these companies account for 70% of ransomware attacks.
“It’s clear that ransomware and other cybercrimes have escalated considerably in the past year. Bad actors are targeting everything from critical infrastructure to the corner store,” Joshua Motta, CEO and co-founder of Coalition, said in a release.
Further, the move to remote work and the tools embraced hastily during the pandemic, such as Microsoft Remote Desktop (RDP), left enterprises vulnerable as they became favored targets of cybercriminals. From the first half of 2020 to 2021, the rate of policyholders with a claim due to exposed RDPs grew from 29% to 40%. Those incidents also have a 103% increase in severity during the period, according to the cyber insurance provider.
Remote work also allows cybercriminals to deploy less sophisticated attacks, with almost half of attacks against Coalition policyholders being initiated by phishing or social engineering schemes. Fund transfer fraud (FTF) also increased in frequency, with the average funds stolen growing 179% during the past 12 months.
Ransomware demands continue growth
From the first half of 2020 to 2021, ransomware clocked a threefold growth rate, increasing from an average of $450,000 to $1.2 million at the end of the period reviewed, according to Coalition.
Remote work has allowed cybercriminals easier and longer access. The latter allows hackers to understand better how a business operates, the type of information it stores, and its insurance coverage. This helps inform malicious actors about what a company can afford and the value of encrypted data.
Simple steps like spam filtering and user training are vital to thwarting ransomware along with a robust backup strategy.
“We believe that when organizations understand their risk profile and take proactive steps to reduce their risk, they can safely embrace new technology and remain resilient to cyberattacks,” Motta said.
Related: