For IT decision-makers, ransomware is no longer their number one concern - data theft is.
A survey from Integrity 360 found more than half (55%) saw data theft as their number one concern, followed by phishing (35%). Ransomware “only” came in third, with 29% saying they were most worried about this type of cybercrime.
Ransomware has been making headlines since its meteoric rise in popularity over the last decade. It has since lived through multiple evolution cycles and today, besides encrypting sensitive data on the target network, also includes data theft.
Ransomware attackers would exfiltrate sensitive information from compromised endpoints and demand payment in exchange for not leaking the stolen information. Some ransomware operators have even stopped deploying the encryptor and focus solely on data exfiltration as it has proven easier and faster while providing the same results.
A business that loses data this way risks losing clients due to a tarnished image, risks loss of profits through disruption, as well as fines imposed by law enforcement, state legislators, and data watchdogs.
Furthermore, among CIOs (30%) and CTOs (33%), advanced persistent threats (APT) and targeted attacks are a bigger threat than ransomware.
“Most APT attacks are targeted and they're pretty well-crafted, stealthy and generally well- resourced, possibly state-sponsored,” Martin told Infosecurity Magazine.
“APTs aren’t completely discriminate about who they attack, historically they tended to focus on critical national infrastructure or financial institutions hosting sensitive information and intellectual property. If you’re not in that category, yes you should worry about targeted attacks, but APTs wouldn’t be the number one priority,” he concluded.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.