Ransomware and Hybrid Work, by the Numbers

Ransomware attacks have dominated news headlines recently, thanks to high-impact targets and the attacks' increasing frequency. In the past few weeks alone, the Irish National Health Service, the major fuel pipeline company Colonial, the software vendor Kaseya, the US meat-packing plant JBS Foods, and even the city of Tulsa, Oklahoma have all been victims of malicious ransomware campaigns.

Many are attributing the growing prevalence of ransomware to the pandemic-driven shift to remote and hybrid work. But what do the current numbers tell us?

1) Ransomware attacks rose by 150% between 2019 and 2020.

Harvard Business Review recently reported on the 150% increase in cyberattacks from 2019 to 2020—ransomware in particular. And while it’s easy to brush aside attempted attacks as media hype, it’s important to remember that perpetrators judge the success of ransomware attacks by how much money they bring in. That’s where the real damage becomes evident. In 2020, the amounts paid by victims of these ransomware attacks increased by over 300% compared to 2019.

2) US companies paid out nearly $350 million in ransom money in 2020.

To translate those stark increases into dollars, a report titled Combating Ransomware from the Institute for Security and Technology found that in the US alone companies paid out close to $350 million last year. However, that doesn’t tell the whole story. As the FBI notes in all of its materials on ransomware, each successful attack emboldens malicious actors. Those payments are confirmation that ransomware works and serve to increase the likelihood—and financial impact—of future attacks.

3) A ransomware attack is followed by a 19-day average downtime.

The true cost of a ransomware attack is far more than the ransom itself. Drawing on data from the cyber vulnerability company Coveware, security provider SafeAtLast reported that a ransomware attack led to an average downtime of nearly three weeks in Q3 2020. That lost productivity has serious effects on a company’s bottom line. In addition, the impact is growing. The current 19-day average represents a 57% year-on-year increase compared to the 12-day average that companies reported in the third quarter of 2019.

4) Over half (56%) of employers believe that employees adopted bad security practices while working remotely.

Among a laundry list of unsettling stats that trace a direct line between remote workers’ habits and serious security risks, CPO Magazine reported that a majority of employers were wringing their hands over their remote workforce. Furthermore, close to 40% of employees admitted to relaxing their standards as well as finding security workarounds. This also has implications for hybrid work, as work-from-home (WFH) employees could easily bring their lax security practices back into the office.

5) 54% of IT leaders are worried that their staff will threaten the hybrid work environment with infected devices.

It isn’t just questionable security practices that employees risk introducing into the hybrid workplace. The same Tessian “Back to Work: Security Behaviors Report” that CPO Magazine consulted found that IT leaders were concerned that the blurring lines between personal and professional devices would put compromised devices behind the firewall. Meanwhile, 40% of employees validated those concerns by saying they planned on using the same devices for office-based and remote work.

6) Close to one-third (30%) of firms have zero protection against malware for BYOD.

Despite these risks, many companies are under-equipped to deal with the threat of infiltration posed by compromised devices from remote and hybrid work. HSToday by the Government Technology & Services Coalition examined the “2021 BYOD Security Report” issued by cloud security specialist Bitglass and discovered that not even half (41%) of organizations were using some form of BYOD endpoint malware protection—with more than a quarter saying they weren’t using any at all.

7) Last year saw a 242% year-on-year increase in attacks on Remote Desktop Protocol (RDP) and collaboration tools.

What’s the Achilles heel of remote work and the biggest target for hackers? According to a blog by the digital platform security provider Irdeto, research by Kaspersky suggests that the most glaring points of exploitation are RDP vulnerabilities and lax RDP security. Between January and November 2020, 3.3 billion attacks of this kind were detected—and only time may tell how many succeeded without being detected. We’ve written extensively about the security issues of RDP and how to avoid them, including our recent post “Protecting Against Ransomware by Addressing RDP Issues.”

8) In Q1 2021, RDP regained the top position as the most common attack vector.

Although RDP briefly took second place to e-mail phishing attacks during Q4 2020, Coveware reports that longstanding RDP vulnerabilities were once again the number-one vector for ransomware attacks in early 2021. Nearly half of all reported attacks took place through some compromise in RDP security.

9) Attackers launched 7.5 million external attacks on cloud accounts in Q2 2020.

In a big-picture look at the cyber threats facing the enterprise, Security Magazine found that cloud services—which have boomed as a result of remote work—had become an attractive target for ransomware attacks. Consequently, they deserved to be examined with the same scrutiny as RDP vulnerabilities. Along with paying close attention to configurations and the implementation of APIs on the user side, this means that IT teams need to choose cloud and SaaS providers who prioritize security.

10) Ransomware has grown more sophisticated, with a “sharper” point of attack.

It’s easy to get caught up in hard numbers and stats. But understanding the evolving nature of ransomware attacks is just as necessary for hardening your remote or hybrid work environment against them. The cybersecurity platform provider Axios says that the philosophy of ransomware “is now about creating a compromise and subsequent operational disruption.” As a result, its point of attack is “sharper.” With ransomware being deployed far more strategically, this means that lines of defense have to be strategic as well.

Cameyo both enables and safeguards the hybrid workplace

None of this suggests that companies should shy away from adopting remote and hybrid work models. It just means that they have to be very selective about the solutions they choose to support them.

Cameyo’s virtual application delivery platform was designed to empower the hybrid workforce while also providing the highest level of security against persistent ransomware threats like RDP vulnerabilities.

For instance, Cameyo Port Shield is a built-in feature that dynamically opens and closes RDP and HTTP(S) ports at the Windows Firewall level in response to secure, authenticated data traffic. That’s complemented by Cameyo NoVPN, which separates the user’s device from the corporate network by encrypting all traffic and delivering apps via a secure HTML5 browser. Features like these give IT teams the ability to embrace BYOD while still practicing a strict Zero Trust security model.

We’ve recently detailed how Cameyo enhances security while enabling remote and hybrid work, but there’s no substitute for firsthand experience. That’s why we offer a free, no-credit-card trial of our virtual application delivery platform that will have you up and running in a matter of minutes. You can also reach out to us by e-mail or simply fill out a short online form to schedule a demo. Either way, you’ll see how Cameyo mitigates the risk of ransomware attacks and tightens RDP security as it streamlines your hybrid work environment.