Financial records, customer data and intellectual property. These are the shining jewels among sensitive company data, and the investment and effort put into protecting these jewels are the difference between company success and failure.
It’s to no one’s surprise that companies are increasing their IT spending to boost security. Almost two-thirds of companies increased IT security spending from 2021-22 according to GetApp’s “2022 Data Security Report,” and 78% of companies say their security budget is appropriately funded.
Whether they actually are well-enough funded remains to be seen, but certainly, seeing the increased spending in security is an encouraging sign considering the rise in ransomware attacks. More than half of organizations experienced a ransomware attack in 2022, an increase from 35% in 2021. However, the percentage of ransom payments declined. Close to two-thirds of companies paid the ransom in 2022 compared to 72% in 2021. It’s still a much higher number than it should be, but the decline is promising.
The decrease in ransom payments is likely attributed to more companies successfully decrypting data and removing the malware or recovering from the attack by using a backup without paying a ransom. That means there is still work to be done on the security front.
An area companies need to improve on to prevent attacks, though, is phishing schemes. They reached a critical point in 2022. The percentage of companies reporting phishing increased from 77% to 89%, and a worrying concern is the number of companies that report someone actually clicking a link in a phishing email — up from 64% to 81% in only the last year. The percentage of employees clicking on phishing links jumped from 43% to 81% in the last three years.
Cyber attackers’ tactics are becoming smarter, but it shows companies need to prioritize email security based on these stats alone, and educate staff on the increasingly sophisticated social engineering strategies that threat actors use in phishing emails – like the one that resulted in the recent Uber breach.
In fact, they are taking that initiative to fight back by using phishing tests to gauge and address employee vulnerabilities to phishing ploys. The percentage of companies that use phishing tests rose from 30% in 2019 to 70% in 2022. Multi-factor authentication is also being implemented to mitigate many of the most common data security threats, including phishing attacks.
Bad actors in ransomware attacks will always look for new ways to infiltrate businesses and steal sensitive data and threaten to release that information unless a ransom is paid. Despite ransomware rising by a decent percentage in 2022, it’s good to see companies taking the initiative with cybersecurity. Of course, there is work to do yet, but educating employees and investing into IT cybersecurity is an encouraging practice to help mitigate attacks.
Edited by
Erik Linask
