author photo
By Shannon Flynn
Mon | Apr 4, 2022 | 1:28 PM PDT

Cybersecurity attacks are on the rise, especially since the ongoing COVID-19 pandemic. According to a report from McAfee Enterprise and FireEye titled, "Cybercrime in a Pandemic World: The Impact of COVID-19," 81% of global organizations have experienced increased cyberthreats, and 79% experienced downtime from an attack during a peak season.

Companies and executives must understand the ever-changing cybersecurity threat landscape in a high-risk digital environment. Hackers are becoming increasingly sophisticated in their attack methods, so staying updated on the latest trends is essential.

One common type of cybersecurity issue organizations face is ransomware. Although it's well-documented, a new type called leakware has emerged. Here is more information about leakware and some strategies companies can leverage to protect themselves from these attacks.

What is leakware?

Leakware is a potent, dangerous form of ransomware that emerged in 2019. It's slightly different from a standard ransomware attack—encrypting a user's files is a secondary concern. Sometimes, leakware is used in tandem with a ransomware attack to up the ante.

Before leakware came doxware, which was popular in 2016 and 2017. These attacks target individual consumers, but hackers quickly found they did not yield high returns. Instead, cybercriminals decided to hold off on announcing their presence until they accessed data companies would be willing to pay a ransom to recover.

Essentially, leakware attacks demand victims pay a ransom to accomplish two things: recover their encrypted data and prevent confidential, sensitive information from being disseminated.

The most frequent targets of leakware are hospitals, law firms, and financial services organizations. These industries often store sensitive data that hackers want to get their hands on. Leakware often slips into a corporate system unnoticed and can put sensitive data at risk, such as Social Security numbers (SSNs), phone numbers, and credit card information.

Strategies to protect against leakware

How can organizations and vulnerable executives stay protected from leakware attacks? Below are strategies to employ so organizations can protect themselves and prevent these hacks.

1. Adopt cloud services

Many companies in various industries have made digital transformations, as new and emerging technologies offer plenty of benefits. One type that companies can leverage is a cloud-based IT infrastructure.

According to the U.S. Government Accountability Office (GAO) data, 13 of the 16 agencies involved in the study reported a total cost savings of $291 million from using cloud services. Developing a cloud-first approach to IT management can help organizations outperform their competitors, fend off cyberattacks, and prepare for the future.

2. Implement strong email security

Strong email security helps employees avoid falling victim to common infection methods that lead to leakware incidents. Filtering and analysis are two essential components of next-level email security.

Email phishing attacks are a common method hackers use to execute leakware. Filtering and analyzing can prevent phishing emails from ever making their way into an employee or executive's inbox. Organizations should consider finding a viable security solution to offer enhanced protection.

3. Leverage Endpoint Detection and Response (EDR) solutions

Endpoint detection and response (EDR) can help prevent the infection from spreading across the corporate network. EDR solutions are essential for companies to maintain a good cybersecurity posture.

4. Use cybersecurity best practices

Touro College Illinois lists the best cybersecurity practices businesses should consider adopting. These practices will prevent leakware attacks, but they can also help enterprises avoid other common cybersecurity issues, such as distributed denial of service (DDoS), man in the middle (MitM), SQL, and password hacks. 

These cybersecurity practices include using unique passwords, multi-factor authentication (MFA), data backups, secure Wi-Fi networks, and anti-virus software.

5. Prioritize employee cybersecurity training

Employees who lack adequate security training make it much easier for hackers to take advantage of them through phishing attacks or other scams. It's easier to prevent an attack than to recover from one. However, many companies often put security training on the back burner.

Cybersecurity needs to be a team effort. Free training resources may work for small businesses, and larger corporations can implement paid sessions. Consider making cybersecurity training a priority in 2022.

Prevent leakware attacks in 2022

There is no foolproof way to protect a business from a potential cyberattack, but it's critical to take preventive measures. Leakware is a dangerous form of ransomware that can be challenging for companies to recover from. Consider using the strategies listed above, as they can help teams strengthen their security posture.

Tags: Ransomware,