Sometimes, it turns out that the answers we struggled so hard to find were sitting right in front of us for so long that we somehow overlooked them. When the Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, issues a cybersecurity warning and prescribes specific action, it's a pretty good idea to at least read the joint advisory. In their advisory AA24-242A, DHS/CISA and the FBI told the entire cybercriminal-stopping world that to stop ransomware attacks, organizations needed to implement phishing-resistant MFA and ditch SMS-based OTP MFA.
This year, we have experienced an astonishing surge in ransomware payments, with the average payment increasing by a staggering 500%. Per the "State of Ransomware 2024" report from cybersecurity leader Sophos, the average ransom has jumped by 5X, reaching $2 million from $400,000 last year. Even more troubling, RISK & INSURANCE, a leading publication from the cybersecurity insurance industry, reported that the median ransom grew to $20 million in 2023, up significantly from $1.4 million in 2022, while actual payments surged to $6.5 million, compared to $335,000 previously. Clearly, the imperative to stop ransomware attacks and data breaches is at an all-time high.
This alarming trend highlights the growing sophistication of cyberattacks and the weaknesses inherent in outdated security practices. The leading vulnerability across all organizations is the widespre.