Recent Ransomware Trends Reinforce the Need for Cyber Hygiene, Collaboration

It’s no secret that ransomware has reached near-epic proportions. We are hearing about ransomware attacks left and right – and those are just the ones we hear about. For every attack that makes the headlines, there are many more that don’t. In fact, a recent survey (PDF) by Fortinet found that more than two-thirds of organizations say they’ve been the target of at least one ransomware attack.

Ransomware is top of mind for business leaders – and the evolving threat landscape is cited as one of the biggest challenges in preventing ransomware attacks. Let’s dig into some of the other findings of the survey.

Ransomware is the top cybersecurity concern

Ransomware is by far the most pressing cybersecurity challenge, with 85% of those surveyed stating they’re more worried about a ransomware attack than any other cyberthreat. Almost 100% of our respondents (95% to be precise) said they were concerned about the threat of these attacks; 77% were very or extremely concerned. And it’s easy to understand why: ransomware has seen a tenfold increase in the past year. This isn’t just fear and rumor; the threats are very real.

How organizations are confronting these threats 

Despite the heightened sense of fear about ransomware, 95% of organizations said they felt at least moderately prepared to deal with such an attack. That said, under half of respondents have a strategy that includes tactics like network segmentation, business continuity measures, a remediation plan and testing of ransomware recovery methods. Less than a quarter are using red team/blue team exercises to identify weaknesses in security systems.

And though the majority of respondents said they have an incident response plan in place, it’s important to examine what’s included in that incident response plan. Common elements include risk assessment plans, offline backups, and cybersecurity/ransomware insurance.

Of the responding companies that lacked an incident response plan, the top reason given (54%) was inadequate skilled internal resources for developing a plan.

More training and cyber hygiene still needed

The most common element in all these plans was employee cyber training (61%). The message that end users are the primary target of ransomware attacks and are therefore the first line of defense against phishing attacks seems to have gotten through. 

However, more can be done in terms of cyber hygiene – especially given how the move to remote and hybrid work has completely changed the game in terms of expanding the attack surface. Organizations need to ensure that any cyber awareness training is being done on a regular basis and where applicable, that it’s been evolved to address the unique aspects of hybrid/remote work.

It’s not just awareness but cyber hygiene that’s important. It involves a series of practices and precautions that keep employees and their devices safe, particularly within a hybrid work model. Distributed networks, IoT everywhere, the adoption of multi-cloud infrastructures and a growing reliance on SaaS applications often prove challenging to keep up with.

Training also must include continuously providing employees with updates on new social engineering attack methodologies so they know what to be on the lookout for. Smishing, vishing and angler phishing are examples of attack types that employees must learn to spot. This is an ever-changing landscape; training isn’t a one-and-done kind of thing.

Tackling the problem requires a multi-faceted, multi-organization approach

Mitigating the risks of ransomware is going to take a village. There’s no getting around it: no company can truly combat this alone. To truly develop a strong security posture, organizations need to work with all internal and external stakeholders. That’s because more data ensures more effective responses. Accordingly, cybersecurity professionals must openly partner with global or regional law enforcement, like the Cybersecurity and Infrastructure Security Agency (CISA). Sharing intelligence with law enforcement and other global security organizations is the only way to effectively take down cybercrime groups. Simply defeating a single ransomware incident at one organization does not reduce the overall impact within an industry or peer group.

Cybercriminals have a reputation for targeting multiple companies, networks, software verticals and systems. Public and private entities need to collaborate by sharing threat information and attack data to make attacks more difficult and resource-intensive for cybercriminals. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack. 

Private and public entities also expand visibility when they work together. For instance, a bank may suffer a ransomware attack but not share information responsibly with law enforcement. Then, law enforcement may end up working with a credit card company also impacted by the same cybercrime group and lack key information to understand the full scope of the criminal organization.  

No time like the present

As we near the end of 2021 and budget planning for 2022 is in full effect, now is a great opportunity to assess the state of current cyberthreats and your own cybersecurity status. The findings reinforce the need for a strategy that involves both increased cyber hygiene and improved private-public collaboration. 

Written By

Derek Manky is chief security strategist and global vice president of threat intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. He provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in an effort to shape the future of actionable threat intelligence and proactive security strategy.
