The evolution of ransomware threats in 2023 has marked a significant escalation in their sophistication and impact. The 2023 State of Ransomware Report revealed that ransomware attacks have reached an all-time high, with the United States bearing a substantial 43% of these global attacks. Notably, France saw its ransomware attacks nearly double in just five months. The year 2023 saw a continuation of the upward trend in ransomware activities that began in 2022, with high-profile attacks targeting major corporations like Toyota and Boeing, exploiting vulnerabilities like Citrix Bleed (CVE-2023-4966).
Ransomware’s evolution from mere data encryption and a ransom to data exfiltration and full-blown corporate extortion has notably altered the cybersecurity landscape. This shift means that traditional data backup and recovery practices are no longer sufficient as defensive measures against these attacks. One of the significant trends in 2023 is the growth of encryption-less extortion, emphasizing data theft over disruption. Ransomware attacks involving data extortion witnessed an alarming annualized increase of more than 112%, with industries such as Manufacturing, Information Technology, and Professional Services being the prime targets.
The Securities and Exchange Commission (SEC) in the United States responded to this escalating threat by implementing new rules requiring registrants to disclose material cybersecurity incidents and their cybersecurity risk management strategies. These new SEC rules, which mandate disclosure of “material” cyberattacks within four days, represent a significant change for U.S. organizations. However, ransomware groups have exploited these new disclosure rules to intensify pressure on their victims. For example, the notorious ALPHV ransomware group, also known as BlackCat, used these rules to threaten companies with public disclosure of stolen data.
Despite these new regulations, a recent report indicated that up to 75% of ransomware attacks went unreported, and companies often failed to make timely disclosures about significant breaches and attacks. The SEC Cybersecurity Disclosure rule now requires companies to disclose and report the nature, scope, and timing of “material” incidents, along with their business impacts, both actual and potential. This rule aims to provide more transparency and timely notification of cybersecurity incidents to the public.
In light of these developments, businesses, government agencies, and households must prioritize cybersecurity. Regular security audits are essential for businesses and government agencies to identify and mitigate potential vulnerabilities. While cybersecurity insurance offers a layer of protection, it requires policyholders to implement robust security measures as a prerequisite for coverage.
Updating or creating comprehensive IT policies that cover security, disaster recovery, and other key areas, coupled with regular training, is critical. Given that the human element contributes to 50% of breaches, managing this risk is crucial. Additionally, compartmentalizing information access and maintaining secure, encrypted backups can further mitigate the risks posed by ransomware.
As we move into 2024, the enforcement of laws governing unauthorized data disclosure, consumer privacy, and minimal security requirements is likely to intensify, especially in states with existing laws. This trend underscores the importance for companies and agencies to be thorough in their cybersecurity measures. In addition, the scope and sophistication of ransomware and other cybersecurity attacks are likely to continue growing at an alarming pace.
We believe that a dollar invested wisely in proactive cybersecurity measures can pay dividends of stability, resilience, and continuity. Spending before an incident is also much, much more cost-effective than trying to clean up the damage afterwards. While no cybersecurity solution is perfect, most businesses and government agencies can and should do more to protect their data and digital infrastructure.
If your company or agency needs a hand, reach out. We’re delighted to help. With over 25 years of experience in cybersecurity, and a focus on putting our clients’ interests first, we are an industry-leading provider of comprehensive cybersecurity solutions at competitive prices.