Wednesday, July 17, 2024
Evina 110o x 220

A spike in financial data breaches are coming from ransomware

Recently published data suggests that modern businesses and institutions are facing elevated threats from significant cyber-attacks. One study by Check Point Research found that global cyber-attacks increased by almost 40% during 2022, with supporting data indicating over 230 million ransomware attacks were reported globally during just the first half of the same year.

As the frequency of sophisticated cyber-attacks continues to increase, so too does the severity of these threats, with IBM’s Cost of a Data Breach Report 2023 finding breaches to cost the average business around $4.45 million in damages, an increase of 15% over the last 3 years.

Several factors may be contributing to these figures, including the rise of hybrid and remote work structures contributing to lapses in commercial cybersecurity measures. With more staff working from home, it can be hard to verify which communications are genuine and which are malicious, leading to growing numbers of employees falling victim to social engineering attacks.

Social engineering threats

Data suggests that 90% of all recorded data breaches involve some form of social engineering, including phishing, baiting and malware attacks designed to infect supposedly secure devices, with mobile devices such as smartphones and laptops potentially facing elevated levels of risk.

In many ways, appropriately securing mobile devices can be particularly difficult when compared to desktop computers and installed physical security technologies. For one, it can be relatively easy to make sure stationary systems are only ever connected to a single secure network. While with mobile devices, it’s likely that users will try to connect to various unauthorized Wi-Fi networks.

Cybersecurity professionals may advise employees to avoid accessing sensitive accounts and private data when connected to public Wi-Fi networks, though unless some form of advanced zero trust policy is in place, many businesses may be powerless to actually address these risks.

Fraudulent applications

Additionally, the threat of fraudulent applications is often far more apparent when using mobile devices. When operating desktop computers, much of the user’s activity is confined to browsers and trusted software applications, while mobile users perform most tasks within specific apps. If a user opens a malicious link on a mobile device, and accidentally downloads a fraudulent app, hackers and ransomware programs may suddenly have full access to the entirety of the device.

As most smartphone users trust official app stores, many may not realize the real dangers of downloading malicious apps until it’s too late. These factors may be contributing to the rise of cyber-attacks targeted specifically towards smartphone users. One study by Zimperium found that of 500,000 analyzed phishing sites, 75% were adapted to target mobile devices, with data indicating a 50% increase in mobile-specific phishing websites during the period of analysis.

How to protect mobile devices

So, what can be done to better protect mobile users from falling victim to modern sophisticated ransomware attacks? Primarily, both independent mobile users and institutions issuing mobile devices to employees must make sure to back up all important data. Though this process won’t prevent attacks, it can mitigate damages and help users to respond to threats more efficiently. 

It’s advised that users maintain a minimum of three copies of all important files and data assets secured in data storage systems not connected to their primary device. Backups should be performed frequently and access to these systems must require unique access credentials.

In addition, mobile users must be warned to never download applications if they cannot verify the source of the software. In particular, users must refrain from downloading .apk files from unverified sources, alongside never opening email attachments from any unknown contacts.

Mobile users should also adhere to modern cybersecurity best practices. “Individuals should make use of the biometric and multi-factor authentication systems already present in modern smartphones, enabling settings that require these forms of verification before any file or app is able to be downloaded,” says Zachary Jarvinen, Vice President of Exact Payments. Experts suggest MFA alone may prevent up to 99% of data breaches..

Mobile devices must also be regularly updated. Hackers and cyber criminals are known to target old software and systems that have not received updated security patches, though research suggests as many as 64% of Android users may be operating outdated systems. Users must make sure their mobile devices are configured to receive automatic operating system updates.


Though it’s unlikely that the threats posed by cyber-attacks and ransomware programs will disappear any time soon, individuals and organizations can minimize risks by adhering to the principles covered above. Provided users remain vigilant and make sure to always verify the source of incoming files and communications, devices and data can be protected from harm.

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Evina 900x750