Cybercrime is not only a danger to companies but also an alarmingly successful business model: at almost every second company in Germany (45%), a ransomware attack led to a ransom payment.
For smaller companies with up to 1,000 employees, the figure was even higher, at 55 percent. These are the findings of a SoSafe survey of more than 1,000 security officers from six European countries, published in the Human Risk Review 2023.
Ransomware pays off for the attackers
Within Europe, companies in Germany pay more often than those in the UK (38%) and France (30%). Only Dutch companies pay more often still (46%). Ransomware also remains one of the most common types of cyberattack, according to the research: one in three organizations (32%) that have been the victim of a cyberattack in the past three years was attacked with ransomware. “The number of ransomware attacks is alarmingly high. The fact is, ransomware is worthwhile for the attackers and will therefore remain an integral part of their repertoire,” says Dr. Niklas Hellemann, CEO and founder of SoSafe.
Ransomware-as-a-Service
One of the reasons for this development is the professionalization of cybercrime. Cybercriminals are constantly refining their business models and, through "ransomware-as-a-service" (RaaS) offerings on the dark web, make their malware accessible to in theory anyone in exchange for cryptocurrency payments, complete with different subscription models and their own customer support. As a result, even laypeople without IT or hacking knowledge can carry out highly effective extortion attacks. New technologies also accelerate this process. In particular, artificial intelligence (AI) and tools such as ChatGPT offer cybercriminals enormous scaling potential for their attacks: initial studies by SoSafe, for example, show a time saving of at least 40 percent in phishing attacks, the main gateway for ransomware.
“The emergence and evolution of the ransomware-as-a-service business model demonstrates how cybercriminals are adapting and diversifying their business strategies to expand their illegal activities. And these ransomware attacks can be very harmful,” says Hellemann. “Recent IBM research shows that a successful ransomware incident costs organizations an average of $4.54 million, not including ransom demands. It can be expected that this type of attack will become more numerous and widespread in the future. It is all the more important to optimize your own security strategy and keep up with the innovations of the digital age. To do this, investments should not only be made in new tools and technologies, but above all in the human factor in order to promote a human-centric safety culture.”
Tips for dealing with ransomware attacks
Preventing ransomware attacks is a daunting task. However, security measures focus not only on prevention but also on mitigating the potential consequences of a security incident. In the case of a ransomware attack, the main concern is protection against data loss. Companies can take the following measures:
- restricting employees' administrative rights,
- reviewing and implementing effective password policies, and
- introducing strict access management at the server level.
Because many ransomware attacks, including phishing attacks, primarily target the human layer of security and often begin with some form of social engineering, an effective cybersecurity strategy must also include regular awareness training. By promoting the security behavior of their employees and strengthening their resilience, organizations can minimize the risk of a cyber attack.
About SoSafe
SoSafe helps organizations build their security culture and mitigate risk with its GDPR-compliant awareness platform. Founded in 2018 by Dr. Niklas Hellemann, Lukas Schaefer and Felix Schürholz, SoSafe now has more than 4,000 customers worldwide and is one of the leading providers of security awareness and training in Europe. With behavioral psychology elements and smart algorithms, SoSafe enables personalized learning experiences and attack simulations that motivate and train employees to actively protect themselves from online threats.