Ransomware attacks have been increasing over the past few years, with hackers leveraging sensitive data to demand payments from companies. A report by Moody’s highlights that ransomware attacks will not only persist but are likely to focus on larger organisations by exploiting supply chain vulnerabilities. Hackers aim to target weaknesses in third-party suppliers to access high-value organisations, seeking significant payouts. This shift could lead to higher credit risks for more rated companies.

Between 2022 and 2023, ransomware attacks grew by 70% globally in terms of both incidents and ransom demands. In 2024, the largest ransom paid reached $75 million, compared to $38 million in 2023. Despite the rise in attacks, the proportion of victims paying ransoms has been declining. In early 2024, only 28% of victims paid, down from 85% in 2019. This trend is driving increased adoption of cybersecurity measures and more active law enforcement involvement. To compensate for fewer victims paying, hackers are now focusing on larger organisations that can afford higher payouts.

Hackers are increasingly targeting high-value industries such as finance, technology, healthcare, and logistics, which hold critical data and are central to global supply chains. Financial institutions face significant risks due to their handling of large financial transactions and sensitive client data. Cybercriminals exploit supply chain vulnerabilities by targeting suppliers, vendors, or third parties with access to their target’s systems. These attacks rely on trust relationships between businesses and suppliers, allowing hackers to bypass the primary organisation’s security.

As larger organisations implement stringent cybersecurity measures, hackers find it easier to attack less-protected vendors. Supply chains often involve multiple suppliers with varying levels of security, creating opportunities for attackers to exploit weak points.

Phishing remains a primary method for cybercriminals, and the use of generative artificial intelligence (GenAI) has amplified this threat. GenAI allows hackers to create personalised, highly convincing phishing messages that mimic legitimate communications. According to a March 2024 study by the IEEE, 60% of participants fell victim to GenAI-driven phishing attacks. This technology reduces the costs of launching phishing attacks by up to 95% while increasing their effectiveness, making them more accessible to hackers. As a result, phishing attacks surged by 58% in 2023, as reported by cybersecurity firm Zscaler.

To combat these threats, companies must strengthen their cybersecurity strategies. Key measures include enforcing strict security standards for vendors and conducting regular audits, adopting zero-trust security models that deny access by default, continuously monitoring networks for unusual activity, and training employees to identify and respond to potential threats. Proactive security measures are critical to mitigating the growing risks posed by ransomware and phishing attacks.

Disclaimer: This image is taken from Business Standard