Cyber Roundups: Disruptions, Disclosures, and Financial Loss in the First Half of 2020
The first half of 2020 brought major unexpected challenges as the pandemic drove a massive increase in telework and remote schooling. K-12, higher education, and city and county governments all dealt with cyber challenges, old and new. Find compilations of these stories on our Cyber Roundups page.
Ransomware attacks were in high gear in the first two months of the year and then slowed during the pandemic. Schools and businesses lost hours, days, or weeks of productivity dealing with the fallout of these disruptions. Ransomware continues to rise and it’s likely because more organizations are paying the ransom. In 2017, just 39% of organizations affected by ransomware chose to pay the ransom. By 2019, that number increased to 58%. Successful attacks will only lead to an increase in attempts. Of note is that the ransom demands now sometimes include threats to disclose private information, not just delete it.
We saw multiple vectors for disclosures or data breaches. A breach of a third-party company affected the private information of K-12 school and local government employees in North Carolina. As Zoom’s popularity skyrocketed overnight, we saw “zoombombings” and other security concerns with teleconferencing programs. We also saw theft of physical devices and multiple phishing attacks. And, unfortunately, the Click2Gov security issue continues to plague local governments.
Millions of dollars were lost in Business Email Compromise (BEC) scams, often through wire fraud where an accounts payable employee was directed to change payment details by a scammer. Additionally, local governments and universities incurred financial losses paying ransoms to decrypt their files.
Consider where your organization might be vulnerable as you read these stories. A strong culture of cyber awareness, particularly phishing awareness, would likely have prevented most of these attacks. Our Bite-Sized Security Awareness and Phish & Learn programs deliver education and testing at regular intervals to keep cyber awareness at the forefront of your organization. To find out more or schedule a free demo, contact us.