Famous criminal Willie Sutton supposedly said he robbed banks “because that’s where the money is.” Today’s cybercriminals don’t even have to leave home to get paid.
In fact, victims send them money — no questions asked.
Perpetrators pull off these heists by using tools called ransomware, which is software that holds a user’s computer systems for ransom. If the victim doesn’t pay up, the cybercriminal either publishes the user’s data or prevents the user from accessing their data and applications, or sometimes both.
This isn’t a minor problem. Organizations fall victim to a ransomware attack every 11 seconds, and the average cost of an attack is $1.4M. In fact, ransomware cost $20B last year in the U.S. Reputational losses can be incalculable.
DFIN takes ransomware very seriously. Our clients entrust us with their most important — and often confidential — data, so we conduct multiple security awareness training campaigns annually for all employees and contractors to help ensure that everyone is doing their part to keep this data safe.
We pay special attention to phishing attacks, which were responsible for more than 80% of the reported security incidents in 2021. When you’re being phished, you will typically receive an email pretending to be from a reputable source but it’s actually from a hacker or criminal organization. The email will attempt to trick you into clicking on a file or link, thereby infecting your computer with ransomware or other malware.
DFIN has stringent measures in place to guard against phishing — for example, we:
- Utilize advanced technology products and enhanced security features to keep nearly all phishing messages from reaching a user’s inbox
- Conduct multiple phishing awareness training campaigns for all employees and contractors each year
- Train our internal team members to spot attacks by familiarizing themselves with the typical red flags, such as poor spelling and grammar in emails, threatening or urgent language, and unexpected links or attachments
- Conduct monthly phishing simulation exercises for all employees and contractors to test their knowledge
- Require users who fail a phishing exercise to undergo additional training
- Have tools in place to help users easily flag phishing emails for investigations/quarantine
With both ransomware and phishing on the rise, DFIN will continue to remain vigilant. You should, too.