[ad_1]
When it comes to cybersecurity, bad actors never stand still. As a result, neither can today’s security professionals, technology providers and data privacy legislators. Indeed, an attacker now needs just 102 minutes to begin to move laterally once they have compromised a single device. This puts organizations under the gun to not only identify threats but respond at record speeds to avoid security incidents and ensure compliance with stringent regulations.
This article explores three of the top data security challenges that organizations face today and offers advice for mitigating security and compliance risks.
Ransomware
Ransomware continues to be a pressing threat to data security and data privacy for public and private organizations alike. Ransomware threat actors look to gain an initial foothold in a network, commonly via a vulnerable internet-facing system or weak application settings. Then they set out to hijack legitimate user credentials and move laterally across the network. Their goal is to compromise additional accounts and tools in order to encrypt as much sensitive data as possible to use as leverage in their ransom demands.
The following ransomware trends present a high risk today:
· Ransomware is evolving fast — Lockbit 2.0 emerged in 2022, but soon after patches to defend against it were released, Lockbit 3.0 appeared. Other ransomware groups are quickly developing new strains that share commonalities with previously identified ransomware; examples include Black Basta and BlackCat. Ransomware actors are likely to continue working hard to stay one step ahead of corporate defenses.
· Ransomware is increasingly human-operated — It’s estimated that one third of ransomware attacks are now successful because of the presence of a human being behind the keyboard.
· Ransomware risk is compounding with double and even triple extortion — More and more ransomware attacks not only demand a ransom for a decryption key; they also threaten data leakage for double extortion. Anecdotal evidence indicates that triple extortion is on the rise: If an attacker obtains sensitive information about a victim’s business partner, they attempt to extort ransom from that company as well.
[ad_2]