Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for January 22nd, 2021. I’m James Lee.
Each week we take a look at the most recent and interesting events and trends related to data security and privacy. Human beings tend to end a year by looking forward…but begin the new year by looking back. Such is the case this week when researchers…having just finished publishing their 2021 predictions…turn to share their annual trend reports. How many of X and the increase or decrease in Y.
Here, we are interested in the trends that impact consumers and businesses when it comes to data privacy and security. And the first major report on those topics concludes that ransomware is now the single biggest cyber threat to businesses based on what happened last year. And if it’s a threat to businesses, it’s a threat to consumers.
You may not know the name Phil Dusenberry, but you know his work. If you saw a Pepsi commercial during the 80s, 90s, and early 2000s – you saw his handiwork. If you ever saw the “Morning in America” film for President Reagan or the baseball movie, The Natural – yep, those belonged to Phil Dusenberry, too. And now, he has contributed to today’s episode when he said: “…writing advertisements is the second most profitable form of writing. The first, of course, is” …hold that thought and we’ll come back to it.
Cybersecurity firm Proofpoint has found that ransomware is now viewed as the main cybersecurity threat by nearly half – 46% - of Chief Information Security Officers in a recent survey.
Even more alarming is research from New Zealand-based cybersecurity firm Emsisoft that concludes at least 2,354 US government agencies, healthcare facilities, and schools are the victims of ransomware attacks in 2020. The impacted organizations include:
- 113 federal, state, and municipal governments and agencies
- 560 healthcare facilities
- 1,681 schools, colleges, and universities
These kinds of attacks cause significant, and sometimes life-threatening, disruption when ambulances carrying emergency patients have to be redirected, cancer treatments are delayed, lab test results are inaccessible, and 9-1-1 services are interrupted.
Ransomware attacks are not limited to the public sector – private businesses are very much in the crosshairs of the professional cybercriminals who commit these crimes. According to the Emsisoft report, more than 1,300 companies, many based in the US, lost data including intellectual property and other sensitive information last year.
That’s just the number of companies with data published on websites where thieves post their ransom notes or stolen data for sale. It does not include the unknown number of companies that paid the ransom before anyone noticed.
Few cyber-criminal groups actually released the data they stole last year – only two are known to have done so – after companies refused to pay a ransom. But by the end of 2020, more companies were paying ransom figures in excess of $200,000 on average to avoid the release of their compromised information.
And they paid the demands even if they didn’t have to do so. Emsisoft has documented cases where businesses that had the necessary back-ups to restore their information still paid the ransom for fear their data would be released if they didn’t pay.
Proving Phil Dusenberry’s theory – the most profitable form of writing…is a ransom note.
Next week – the ITRC will publish its annual report on data breaches. How many, who was impacted, and why they occur. There are some very interesting trends that we’ll discuss on our next episode. Please join us for that.
If you have questions now about how to protect your information from data breaches and data exposures, visit idtheftcenter dot org where you’ll find helpful tips on this and many other topics.
If you think you have already been the victim of an identity crime or a data breach and you need help figuring out what to do next, contact us. You can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours.
If you want to work ahead and read our 2020 Data Breach Report – our 15th annual edition – it will be posted on our website on Thursday, January 28th as part of Data Privacy Day. Just visit idtheftcenter.org.
Until then…Thanks for listening.