Uncover the highly evasive adaptive threats (HEAT) causing ransomware attacks.
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Share this article
The recently released 2022 CyberEdge Cyberthreat Defense Report features some good news and some bad news. The bad news is that cyberattacks continue to rise in volume and sophistication – a not-so-surprising insight. The good news is that organizations around the world are finally acquiring the right tools to fight back.
According to the report, 85 percent of organizations experienced a successful cyberattack within the last 12 months, while 40 percent were the victims of six or more attacks – the most ever recorded for this particular survey. Unfortunately, respondents were not optimistic that their organizations will be free of attacks in the future, either. More than 75 percent expect a successful breach of their organization in 2022.
Malware continues to be the number one fear among security personnel, but account takeover (ATO) and credential theft attacks moved up from fourth place last year to second place in this survey, slightly ahead of ransomware and just behind malware. In fact, the average concern rating for ATO attacks increased the most, rising .08 points, from 3.89 to 3.97 (on a scale of 1 to 5). Interestingly, the increase was driven by an upsurge in concern among finance and financial services companies, and to a lesser extent, among manufacturing and telecom and technology companies.
Unsurprisingly, ransomware continues to dominate security teams’ concerns, and CyberEdge predicts that it will overtake malware as the number one concern in next year’s report. The percentage of organizations hit by ransomware attacks ballooned from 55 percent in 2018 to 71 percent in 2022, while average ransomware payments skyrocketed to $322,000 in Q4’21 – up from just $12,000 in Q1’19.
We’re always talking about the self-perpetuating ransomware cycle at Menlo Security, and the CyberEdge report backs it up with hard numbers. As more organizations are able to recover their data after paying a ransom, the likelihood increases that more organizations in the future will pay whatever attackers demand – making ransomware a highly lucrative business model (especially when you factor in double-extortion attacks that threaten data exposure of sensitive information in addition to data loss). As ransomware becomes more successful and more lucrative, the volume of attacks continues to go up. For cybercriminals and their tactics, it’s a matter of wash, rinse, repeat.
The top two concerns among security leaders are a lack of skilled security personnel and low security awareness among employees at the organization. Five out of six organizations report a shortage of skilled security professionals, as the ongoing global pandemic and the acceleration of digital transformation continue to put enormous pressure on security teams. But, finally, organizations are now empowering their security teams with the tools they need to fight back.
According to the report, Internet isolation installations grew 7 percent in 2021, from 48 percent to 55 percent. Internet isolation solutions mean that instead of viewing web pages and running scripts and apps in browsers on their own systems, end users run them in a virtual browser on a cloud platform. This lack of endpoint access prevents malware from gaining a foothold on users’ systems and subsequently spreading throughout the network to more valuable targets.
In today’s world where successful cyberattacks are expected, organizations lack adequate in-house security expertise, and users have low security awareness, a Zero Trust solution powered by isolation technology is a sound security strategy. With Zero Trust, it simply doesn’t matter if a user clicks on a malicious link, if someone is using an unmanaged personal device, or if an attacker uses highly sophisticated evasion techniques, because Internet isolation prevents these attacks from taking hold.
Download the CyberEdge report to learn more about how organizations around the world are meeting today’s security threats, and reach out to Menlo Security to see how we can stop today’s HEAT attacks in their tracks with Internet isolation.
Marcos Colon on Apr 19, 2022
HEAT, Threat Research
To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.