Читать книгу The Security Culture Playbook - Perry Carpenter - Страница 21

Cybersecurity Ventures recently published its forecast for the growth of ransomware over the next 10 years. It's not good. By 2031, “[r]ansomware is expected to attack a business, consumer, or device every 2 seconds […] up from every 11 seconds in 2021” (Braue, 2021).

Here are a just a few points to help put the problem into perspective (as of 2021):

 Over one-third of organizations globally have been hit by ransomware (International Data Corporation, 2021).

 Of those hit, roughly 87 percent ended up paying the ransom (International Data Corporation, 2021).

 We are now at a point where ransomware isn't just about making your data inaccessible; it's about exfiltrating the data, using it for extortion against multiple parties, and generally doing everything possible to gain leverage and destabilize your organization. You have no choice but to assume that a ransomware incident is a data breach (Sjouwerman, 2021).

 Social engineering via phishing, vishing (voice phishing), smishing (phishing via text message), and social media are all on the rise (Phishlabs, 2021; Martens, 2021).

 The global average cost of a data breach is $4.24 million (IBM, 2021).

 The global average cost of a ransomware attack is $4.62 million (IBM, 2021).

 The average per-record cost of a data breach is $161. That goes up to $180 if the record contains customer personally identifiable information (PII) (IBM, 2021).

All of this rises to the level of materiality. And material risk is one of the most important things that an executive team and board of directors is concerned with. This is why it is so important to make your human layer of defense a central part of your cybersecurity narrative.