In a survey of chief information security officers and chief security officers by cyber security firm Proofpoint, 46% said ransomware and extortion is the biggest threat they face in 2021.
In recent years ransom demands have jumped from the low ten thousands to six and even seven figures (However, average payments dropped 34% in fourth quarter 2020 according to Coveware). In addition to ransom payments (which may violate laws) costs include downtime, data recovery, regulatory penalties, lost revenue and possibly lost reputation.
For cyber criminals, ransomware is an easier way of making large sums of money than social engineering frauds. Encrypting networks can be combined with phishing and compromising cloud login credentials to gain more access to data.
55% of security professionals said their biggest risk was human error and lack of security awareness. Half of CISOs said their priority was improving employee awareness and training. However, 54% said limited time and resources were a problem.
Despite all the publicity, the survey found 28% of respondents believe an attack is not a likely cause of concern.