We’ve quoted Stocklytics a couple of times, in recent memory; once on our Future of Work News site regarding AI startups and investor attention, and the other on IoT Evolution World while discussing the Internet of Things; industry growth and security concerns, and so on. The statistics and commentaries shared therein proved fruitful, if you ask us.
So, let’s do it again.
According to Stocklytics, the global number of ransomware attacks dropped by approximately 36% in 2023. We don’t need to reiterate that this is a good thing.
However, we do need to dissect how ransomware – despite cybersecurity gains – is still badly plaguing industries left and right.
Specifically, the financial sector.
Ransomware attacks, as we know, take folks’ digital lives hostage. It’s a major concern, through and through. Criminals break into devices, lock away important (and often highly sensitive) data, and then demand ransoms to unlock them even though there’s no sure-fire guarantee the data will indeed be restored. The danger of ransomware attacks boom as technologies progressively evolve, too; systems’ weaknesses are exploited via complex encryption, information is scrambled and stolen, the whole nine yards. From phishing emails and unpatched software to unsecure remote access points (especially in the post-pandemic “Work From Home/Bring Your Own Device” age), digital intruders’ impacts can devastate reputations and create immense and undue financial woes.
In this vein, Stocklyitcs also reports that 65% of financial organizations worldwide still reported having experienced ransomware attacks in 2023. So sure, numbers are decreasing, but threat vectors are also increasing. That’s the double-edged sword of context and relevance, as fate would have it.
Stocklytics writes:
“Although a lot has changed since the WannaCry ransomware attack in May 2017, with companies and organizations taking various security measures and boosting their cyber security budgets, ransomware remains one of the leading types of cyberattacks globally. Last year, ransomware made up nearly two-thirds of all reported cyberattacks, and most of them happened in the financial industry, one of the most targeted sectors.”
Per Stocklytics and Statista:
- 34% of financial organizations worldwide were hit by ransomware attacks in 2021, followed by 55% in 2022 and then the aforementioned 65% in 2023. Hence, a clean general year-over-year drop, but still a troubling problem.
- The share of financial organizations that made ransom payments in 2022 and 2023, however, present figures not quite as clean. In 2022, 52% made ransom payments, followed by 43% in 2023. A decline, right? Unfortunately, not so much – in 2022, only 5% of those orgs paid more than $1 million. In 2023, that number bounced high to a startling 40%.
Our theory?
Technology is more sophisticated now, due largely to the proliferation of sophisticated generative artificial intelligence, or GenAI. It’s not the only factor, but it’s a big one.
Furthermore, despite financial services institutions reporting a would-be promising 81% adoption rate of high-level encryption, attacks are still compromising digital fortifications; operations disrupted, finances lost, reputational damages paving over honest progress.
What can be done?
I, for one, highly recommend reading some of our fellow editor Greg Tavarez’s articles on MSP Today and Cloud Computing, for example. There are myriad cybersecurity providers attempting to impress how vital it is to shore up modern defenses, and Tavarez covers their solutions often.
On top of that, professional recommendations range from employee and awareness training through regular practices like phishing simulations, to the establishment of robust security policies and actionable procedures to prepare for new and formidable threats. (There’s also always stronger password management and authentication protocols, regular patch management and backups, stronger encryption, network segmentation, expert assessments and much more.)
In the meantime, reports like Stocklyitcs’ here serve as reminders that no one person – nor one business, one global megacorporation, you name it – is immune to invasive ransomware and the bad actors behind attacks. Apprising others of ongoing situations and triple-checking that best practices are in place is a great step to take not just once, but to continue taking as the goods and bads of technology multiply in tandem.
Edited by
Greg Tavarez