September 21, 2021
Every 11 seconds, a company is hit by ransomware.
The amount of money lost to cybercrime is on pace to eclipse $6 trillion this year. That makes cybercrime the world’s third-largest economy, behind the gross domestic products (GDPs) of only the U.S. and China. (Cybercrime Magazine)
Its growth, fueled by hostile nation-state sponsored and organized crime gang hacking activities, is expected to explode by orders of magnitude going forward, surpassing $10.5 trillion by 2025.
Who, and what, is being targeted?
One of the top exploitation trends: on-prem, legacy software is the target of choice for attacks. (Bloomberg Law)
A recent attack targeted one private equity (PE)-backed company’s on-prem software, while attempts to cripple its cloud-based infrastructure failed. The cloud, however, was proactively shut down “due to an abundance of caution,” the company stated. (The Verge)
This case is, sadly, all too common nowadays.
What makes private equity such an attractive target?
25 years ago, one of the most iconic quotes in cinematic history became part of mainstream culture when, in the film “Jerry Maguire,” Cuba Gooding Jr. shouted to Tom Cruise: “SHOW ME THE MONEY!”
Private equity-backed companies fit the bill better than any other. “Scammers are looking for victims with weak security and deep pockets.” (Bloomberg)
ACA Group noted a few reasons ransomware cybercriminals have become fond of private equity-backed companies in recent years:
- Private equity firms are bound by disclosure requirements, which turns a firm’s portfolio into a veritable shopping list.
- Firms are hesitant to report cybercrime, as it may impact the valuation of an asset. This increases the likelihood that a firm will pay a ransom.
- Portfolio companies are often saddled with legacy, on-premises technology, which is a far more desirable—and vulnerable—target than a robust cloud infrastructure (a topic we will investigate more deeply in a companion post).
According to economist Lindsey Ice of the U.S. Bureau of Labor Statistics, “‘Businesses are expanding their digital presence, digitizing their operations, adopting cloud services—all of these factors are going to continue to increase demand for [information technology] services in general, as well as cybersecurity.’” (PBS News Hour)
In our next post, we will share how and why companies are moving to cloud-based environments, and how that builds a strong barrier against the rising tide of cybersecurity attacks.