This is really a must-read for anyone who can't sleep at night because of worries about ransomware attacks. If you are too frazzled, here are my main take-aways / Key Points:
- Ransomware groups operate with sophistication rivalling legitimate tech start-ups, offering customer support services and employing go-to-market-like strategies.
- Healthcare-related organizations are increasingly targeted, defying traditional avoidance codes.
- Repeat victimisation is prevalent, with numerous companies targeted by multiple ransomware groups.
- Small organizations, with revenues under $20 million, constitute a significant portion of ransomware victims.
- Ransomware-as-a-service (RaaS) operators dominate, dictating terms as new entrants emerge.
- Victim counts have doubled year over year, signalling an accelerating threat environment.
- Proactive measures and adaptability are essential to navigate the evolving ransomware landscape.
Action Points are rather straight-forward and "obvious":
- Implement proactive measures, such as continuous (vendor) monitoring and risk prioritisation, to mitigate ransomware risks and safeguard business operations.
- Stay vigilant and adapt strategies to combat evolving ransomware threats, emphasizing collaboration and proactive defence measures.
Our Chief Research & Intelligence Officer, Ferhat Dikbiyik, Ph.D., CTIA, dug through every disclosed third-party breach from 2023, so you don’t have to. He outlines key takeaways and work that still needs to be done. Check it out now: https://lnkd.in/gQAvnuHy
2024 Third-Party Breach Report Key Takeaways
blackkite.com