Cybersecurity

A new global study finds that the threat of ransomware remains at “peak levels,” with half of organizations across all sizes, regions and industries falling victim to at least one attack last year. According to Fortinet’s 2023 Global Ransomware Report, most organizations lack a clear strategy for dealing with increasingly sophisticated and aggressive attack variants.

Risk management was a classic back-burner issue in many IT organizations for years. Faced with tight budgets, staff shortages and day-to-day deadlines, most were inclined to focus their resources on their immediate needs. However, rapidly expanding attack surfaces are forcing organizations to make risk management a higher priority in 2023.

We tend to think of cyberattacks as highly sophisticated operations that use complex techniques to bypass layers of digital security measures. In truth, most are stunning in their simplicity, using social engineering tactics to manipulate individuals into divulging confidential or personal information.

For decades, information security practices were built around the core theory of “implied trust” — an assumption that users and devices operating inside the network were trustworthy and that any threats would originate outside the network perimeter. That has become a dangerously flawed concept.