Ransomware: Looking beyond endpoint protection

The last year has been one of the most active in the previous decade in cybersecurity. More than 1,000 data breaches took place in the United States alone, with a total of 155 million individuals impacted by data exposures, according to Statista. But when it comes to ransomware, the data on this insidious type of cyberattack is even more alarming.


Botnet attacks once ruled the threat landscape as the preferred method for threat actors to cash in, but ransomware quickly took its place. Data from Bitdefender’s Mid-Year Threat Landscape Report 2020 points to a 715 percent increase in ransomware attacks in 2020 globally. Email phishing campaigns, remote desktop protocol vulnerabilities, and software flaws are the most common means of infection.


What’s led to this distressing increase, and what can modern-day security professionals do to protect the business? The answer isn’t found on the endpoint.


The perfect storm: The 2020 threat landscape

First, let’s put the threat landscape into context when it comes to the events of the last 15 months. Yes, 2019 was a year for the record books regarding ransomware, especially considering that more than 900 U.S. government agencies fell victim to attacks. But the COVID-19 pandemic is what really put organizations into a tailspin in 2020, says Vinay Pidathala, director of security research at Menlo Labs.


“The rise of ransomware in 2020 can really be attributed to a culmination of things,” Pidathala says. “You have a sudden change in which organizations moved to remote workforces worldwide. Employees are also adjusting to working from home while balancing other duties at the same time, like taking care of their kids and household chores.”


These abrupt changes had a pretty significant impact on employee awareness related to remote work, leading to careless use of the Internet and not paying close enough attention to the barrage of emails that are coming in—resulting in risky behavior that could be costly for businesses.


“User awareness really took a hit,” Pidathala says. “Challenges were also presented when it comes to endpoints. In many cases, personal laptops are being used to conduct work, and…