There has been no shortage of ransomware reports and data breaches affecting companies from all sectors all over the world, accelerated, in part, during 2020 as the COVID-19 pandemic caused a mass move to remote work and many organizations raced to accommodate the new normal. The City of Albany was hit with a ransomware attack where hackers demanded cryptocurrency as payment to recover encrypted files. Jackson County, Ga. paid a $400K ransomware payment to hackers as the breach kept prison guards from being able to remotely open prison cells. At the end of 2020, T-Mobile announced a data breach which its cybersecurity team had discovered and shut down malicious, unauthorized access to some information related to T-Mobile accounts. Reported phishing scams impersonating FedEx, UPS and Amazon skyrocketed during the holiday shopping boom. The U.S. Energy Department and National Nuclear Security Administration was reportedly hacked when threat actors accessed their networks as part of a major cyber-espionage operation that affected many U.S. federal agencies. Huntsville City Schools in Alabama closed for a week amid a cyberbreach and Baltimore schools also closed due to a “catastrophic” ransomware attack earlier in 2020. These examples are just the tip of the iceberg as major cyberbreaches and ransomware attacks are being reported in every sector of business and organization public and private.
In particular, phishing scams and ransomware scams are on an upward trend in terms of incidents reported. Though both types of security incidents have been around for many years, because more people are working remotely due to COVID-19, more sensitive documents are being shared over email and sensitive data may be unprotected in an organization’s network, says Michael Waters, member of the Tech Transactions & Data Privacy group at law firm Polsinelli.