The Shift to Workplace Ransomware
Every year, the Identity Theft Resource Center (ITRC) puts out a comprehensive evaluation of the year’s data breaches for U.S. companies. The 2020 report, which ITRC makes available for download, details the number of compromises, the root causes, and the types of data compromised. There’s good news this year: the total number of breaches is down 19% compared to 2019. And even better, the number of individuals impacted is down 66% year over year.
But it’s not time to let your guard down. Cybercrime hasn’t gone away, it’s simply shifted. Criminals have moved their efforts to a lower-effort, higher-reward attack: workplace ransomware. Let’s compare an individual breach to workplace ransomware.
Let’s assume both attacks start with a phishing scam. If the attack is successful, the criminal is in possession of a username and password. If it’s a personal login, the criminal has access to one account. He may also be able to reset passwords on other accounts or log in to them directly through password reuse. He may be able to open credit lines, commit insurance fraud, and use the compromised account to trick the victim’s contacts with a further phishing scam. There is plenty of damage that can be done on an individual level.
If the attacker has the victim’s work login, he has a foothold on the workplace network. The stolen credential is the entry point; the attacker typically still has to gain administrative rights and spread to other machines before the ransomware is deployed, but where internal controls are weak that takes little time and the whole network can be locked and a ransom demanded. The business may be willing to pay a large sum of money to get its operations up and running again.
When you compare the two scenarios, it’s easy to understand the shift from individual attacks to workplace ransomware. The potential reward is much higher when extorting a business. In fact, the ITRC report also notes that the average ransomware payout was around $233,000 in 2020, up from less than $10,000 in 2018. As payouts climb, we can expect to see an even bigger shift toward workplace ransomware. Criminals will continue to change their tactics, adapting to the ways individuals and companies do business online, how they protect their networks, and which scams succeed. Our advice, however, remains the same: stay cyber aware. This means using strong account protection (unique passwords and multi-factor authentication wherever it is offered, so a phished password alone is not enough to log in), practicing your phishing recognition skills with every online message, and being careful about where you share and store your personal information.