There are three important and destructive cyber security threats that surprise organizations of all types and sizes:
Ransomware;
Cloud incorrect configurations; And
Supply chain backdoor.
I will illustrate with recent examples what you can do to avoid the mistakes and threats of others.

Let's start with ransomware. This is one of the most devastating risks facing your organization today. Why? Because, no matter who you are, it can literally stop your activities and cause significant cost, pain and suffering.

Consider a recent example of an organization. It was infected with ransomware, and IT systems shut down for weeks. This may require a gradual restart of the system. It is estimated that it will cost about $ 95 million from lost sales, recovery, and settlement, which will affect profitability. In addition, it was announced that growth plans for this year could not be achieved.

Take another recent example. Three hospital systems were affected, IT systems were shut down and no incoming patients could be received for days. It had to work with paper until the IT systems were gradually restarted. Unfortunately, in this case, incoming patients could be referred back to other hospitals in a timely manner without losing their lives, but this can be devastating.

No organization is free from ransomware and can withdraw its dirty head at any time and cause severe pain.

There are many variants, each of which can be easily changed by the attacker to avoid the defense. Duke ransomware is an example of one that has already caused significant pain to hundreds of organizations this year in the US and around the world. Previously, Samsung ransomware attacked various organizations in the US and Canada, paying a ransom of $ 6 million and causing more than $ 30 million in damages. Prior to that, the note ransomware had rapidly infected hundreds of organizations in various parts of the world and caused more than $ 10 billion in damage.

Attackers find ransomware infiltration faster and easier, and encrypt some data rather than try to get rid of them all. They ask themselves, when only certain critical systems and data can be locked until a ransom is paid, why try to search and steal all the data?

They see that the victim will not be able to access critical data and systems, and will have an immediate adverse effect with ransomware as they will not be able to function. Therefore, there is a high risk of paying a ransom to prevent pain and suffering, especially if the victim has cyber insurance. It is possible for an organization to use an insurance policy to pay a ransom instead of continuing to disrupt or shut down its operations.

Although most organizations have imposed various restrictions on the prevention and detection of data theft, they find that they have not been given equal weight to prevent and detect ransomware. Most organizations have a lot of data, and all data theft that has occurred and continues to be reported in the media is biased to focus on data theft. But the ransomware risk cannot be ignored or taken seriously.

Imagine that you are infected with ransomware and that your people cannot access and operate documents, files, or systems. All critical files and systems are locked out of ransomware encryption, and the hacker pays a ransom for the keys to unlock the encryption. What if it takes days, weeks, or months for you to recover? What impact will this have on your organization?

You may think you can recover quickly from backup files and systems, but are you sure? Newer ransomware variants are designed to hunt, delete, and encrypt backup files and systems, in some cases, first, before encrypting the remaining files and systems.

The recently affected organization, which estimates a $ 95 million financial impact from ransomware, thought the risk was under control until it hit ransomware and realized it was not ready to handle the risk.