Do you know what your company’s biggest cybersecurity threat is? According to the 2016-2017 Global Application & Network Security Survey, it’s ransomware. The study — which included 598 organizations from around the world — examined what threats organizations are facing online, as well as a detailed look at the cybersecurity landscape as it stands today.

While information about who is doing the hacking and why is fascinating, today we’re going to focus on the types of attacks that organizations are facing and specifically on ransomware. According to the survey, ransomware attacks made up 25 percent of cyber attacks in 2015. That number rose to 41 percent in 2016, a 16 percent increase. Ransomware was followed by “insider threat” (27 percent), “political” (26 percent), “competition” (24 percent), and “cyberwar” (24 percent). Twenty-one percent of organizations faced no attacks, and the final 11 percent had unknown motives.

If you’re just hearing the term “ransomware” for the first time, the short explanation is that ransomware is when a cyber criminal gets ahold of your data and literally holds it for ransom, refusing to relinquish it until they’re paid. Ransomware can get into your computer via email, ads, vulnerable software, or infecting your favorite websites. This is just a starter list — the possibilities for the ways cyber criminals can access your data are vast.

(For a longer explanation of what ransomware is and how to fight it, check out our earlier post on the topic.)

So what makes a company at risk for a ransomware attack?

The survey has put together a convenient acronym to explain the factors that make an organization most at risk of a ransomware attack: CAVE. It stands for “culture,” “assets,” “vulnerability,” and “expertise.”

Culture

The survey says that there are two types of culture that make a company more likely to be targeted for a ransomware attack: being really risk-averse and those with a “pay-up culture.” The thinking goes that if your company is known for being especially private and concerned about reputation, it’s unlikely you’ll fight back if sensitive data is at risk. And if you’re known for taking a “just make it go away” approach and paying easily, you’re also at risk.

Assets

Ransomware is about one thing: Making money easily. A company needs to have enough assets — or value the stolen assets enough — to be able to pay the criminals' demands.

Vulnerability

Cyber criminals are looking for ways that organizations are vulnerable to attack. While the original ransomware attacks were primarily by email, attackers have gotten smarter and more sophisticated over the years. These days, vulnerabilities are vast. However, the survey says that the vulnerabilities most preferred by attackers are ones that are common across a large number of organizations, for max return on their actions.

Expertise

Or rather, lack thereof. Hackers target organizations that either haven’t invested in IT or don’t have the resources to hire great professionals to help them when they are attacked. Makes sense, right? Predators go for the weaker prey.

If the increase in percentage of organizations who faced ransomware attacks in 2016 is any indication, this type of attack isn’t going anywhere. Stay educated and stay aware in order to protect your company’s assets.

Photo courtesy of @madbyte