Stuart Madnick is the John Norris Maguire Professor of Information Technologies at the MIT Sloan School of Management and the founding director of the Cybersecurity at MIT Sloan (CAMS) research consortium.

Organizations are spending more money than ever on cybersecurity (an estimated $188 billion globally in 2023, a figure expected to grow to almost $215 billion in 2024), yet hackers always seem to stay a step ahead. The number of reported data breaches in the U.S. rose to a record 3,205 in 2023, up 78% from 2022 and 72% from the previous high-water mark in 2021, according to the nonprofit Identity Theft Resource Center.
Trends are similar in other parts of the world.

What can explain these two seemingly contradictory statistics? If awareness of and spending on cybersecurity are growing, why do data thieves remain undeterred? Based on our research, three things are helping to drive the current increases:

Evolving ransomware attacks: In traditional ransomware attacks, which I call Ransomware 1.0, hackers break into a company’s computer system, “lock up” data by scrambling it and demand a ransom payment in return for the decryption key. To resume business, companies typically have a choice: Pay the ransom or try to re-create the data that has been frozen.
In these attacks, data isn’t stolen, so there is no data breach to report. Ransomware attacks have evolved, however, in two key ways. First, after a slight drop, these kinds of attacks are on the rise again due to the emergence of ransomware gangs that franchise their malware and make it available to budding cybercriminals.