Ransomware and hybrid phishing are a growing concern for businesses. Successful ransomware and phishing attacks can have direct and indirect financial impacts on any organization, including loss of business, operational downtime and reputational damage. According to “The State of Ransomware 2022,” a report released by cybersecurity firm Sophos, 66% of survey respondents from mid-size organizations said they had been a victim of ransomware – up from 37% in 2020.
In addition, cybercriminals are increasingly relying on a variety of attack methods to exploit victims. The “2022 Email Fraud & Identity Deception Trends” study by email security firm Agari found that employees are receiving more and more potentially harmful emails, with 80% of credential theft attempts delivered via a phishing link. Hybrid voice (often called “vishing”) and email phishing attacks are being reported at the highest level ever. One common hybrid phishing scam involves including a call-back number in the body of a malicious business email to lure someone into interacting with a fake representative over the phone.
Because ransomware and hybrid phishing attacks are becoming progressively more sophisticated, it’s important to ensure that precious time and resources are best used to deal with ransomware and hybrid phishing threats. No matter your industry or business size, you should be prepared to fight these threats.
How to prevent ransomware and hybrid phishing attacks
Here are six key tips for preventing ransomware and hybrid phishing attacks:
- Regularly evaluate cybersecurity defenses to ensure they continue to meet the organization’s needs as they shift over time. Putting these defenses in place is not one-and-done. As your organization grows and needs change, your resources may need to adapt.
- Proactively anticipate threats and use in-house or outsourced resources to purposefully detect and respond to potential attacks.
- Provide focused employee training to help employees learn to identify potential attacks. If your employees know how to spot phishing attempts, your organization may avoid attacks that start at the colleague level.
- Perform regular audits to best identify and evaluate threats, including unpatched devices, open ports and other potential security gaps.
- Plan for the worst and hope for the best so that the entire organization knows how to respond when an attack occurs or is suspected to have occurred.
- Back up, back up, back up – and then practice recovery and restoration to ensure you can get your systems up and running again as quickly as possible.
Cybersecurity should be at the top of your organization’s priority list. Following these six tips can help you start the process. And whether you’re an IT specialist or in-house CPA, you should be equipped to manage cybersecurity risk.
Earn 3 CPE credits and learn more about cybersecurity with the Becker CPE course, “Cybersecurity Preparedness for Industry CPAs.”