According to a recent report from IBM’s security team, 2016 was not a great year for security and privacy. IBM drew its conclusions from observations gathered from over 8,000 clients and numerous spam sensors and honeypots. The number of private records that fell into the hands of criminals rose by a shocking 566 percent. In 2015, 600 million records were compromised, which sounds bad enough, but in 2016 that number was over 4 billion.
In addition to a quintupling of the number of compromised records, the report reveals that online criminals are shifting the focus of their efforts from structured data like credit card records to unstructured data, including business documents, source code, and email archives.
Caleb Barlow, Vice President of Threat Intelligence at IBM, suggests the shift to unstructured data is driven by a lack of demand for structured sensitive data. The implication is that there’s more structured data available to criminals than they need: revenue from stealing and selling structured data is constrained because there’s so much of it available.
Healthcare and financial services remain among the most targeted industries, but there has been a drop in successful attacks against healthcare organizations, indicating many are getting serious about protecting their users’ data and investing in effective security solutions.
It’ll come as no surprise to system administrators and security professionals that the star of the online crime economy last year was ransomware. 70% of businesses victimized by ransomware paid at least $10,000 to get their data back. The FBI reported that in just three months, ransomware generated $209 million for criminals, and it’s expected that in 2017 ransomware will be a billion-dollar industry.
The revenues generated by ransomware are driving a huge increase in spam, ransomware’s primary vector. Spam increased fourfold year-over-year, with just under half of all spam being attributed to ransomware.
Every company that handles sensitive user data must take security seriously. The technology exists to combat online crime, and it’s not a great endorsement of industries built on the collection and processing of private data if they expose that data to criminals in ever-increasing volumes.
Ransomware is a serious problem, but spam-delivered ransomware is only effective if businesses allow spam to be delivered to their users and employees. The first line of defense against ransomware spam should be a managed email security solution capable of scanning and filtering email before it ever reaches users.
Ransomware works on the assumption that encrypting an organization’s data will deprive it of a valuable resource. But if data is securely backed up, there’s no need to pay for a decryption key. With comprehensive and up-to-date backups, ransomware becomes a nuisance rather than an existential threat.
Steadfast’s Business Continuity and Disaster Recovery services provide a range of backup solutions that can help protect companies from the effects of ransomware attacks, including dedicated backup servers, customized data protection, and custom disaster recovery packages that empower companies to bounce back from potential data loss without lining the pockets of criminals.