More than one-quarter (26%) of Fortune 100 companies are highly likely to fall victim to a ransomware attack from cybercriminals in the next 12 months. And the problem is that “large companies typically don't think the way the bad actors do,” warned Bob Maley, chief security officer at Black Kite. 

“It's a repetitive process, it's all about cybersecurity basics that these companies don't seem to take seriously, or they don't seem to want to invest in,” Maley explained in an interview with SDxCentral, adding that “we see a lot of weak credentials and … unpatched systems. It's the combination of those things that really drive their susceptibility.” 

According to Black Kite’s latest report, exploiting vulnerabilities that allow remote code execution is trending among ransomware threat actors. The report recommends that organizations fix software and application vulnerabilities that are susceptible to a cyberattack, noting that software vulnerabilities were exploited in one-fifth of ransomware attacks over the last three years.

Maley warns that the first indicator that a bad actor will look at is an older operating system, which is a historical point of entry for the adversary.

Most companies that use an older operating system say it's fully patched and they have internal controls to make sure that attackers don't compromise the system, Maley said. “Well, it doesn't really work that way. It is extremely complicated,” he added.

A recent IDC ransomware survey echoed this finding. It concluded that digital transformation (DX) laggards are significantly more likely to experience a ransomware event compared to organizations that have committed to a long-term DX investment plan with a multi-year approach tied to an enterprise strategy.

Multi-Factor Authentication Is the Key

Along with patch management, Fortune 100 companies’ performance on credential management ranks among the lowest in the report’s 19 cyber risk categories. 

“Leaked credentials are not necessarily login information that leaks directly from a company,” Maley explained. Instead, it's more common that employees use the same email address and password for different systems, including personal banking, social media, and work accounts, which leads to credential reuse, he said.

To prevent credential-stuffing attacks, Maley recommends organizations have a policy in place that says employees are not allowed to use their credentials elsewhere. More importantly, he said, “multi-factor authentication has to be enabled, especially on critical systems,” and the administrator accounts for those systems should be extremely tightly controlled. 

For small companies using services from Google or Microsoft, Maley suggests implementing two-factor authentication and email security functions that those platforms offer for free.

History Tends To Repeat Itself

The IDC survey found that in the past 12 months, more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data. 

“As the greed of cyber-miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion,” IDC program VP Frank Dickson said in a statement.

Similarly, Black Kite’s report found that 60% of Fortune 100 companies have experienced a breach in the past. It warns that cybercriminals are notorious for targeting organizations that don't fix their security issues and vulnerabilities after they are exploited.

“Learn from the past,” Maley said, adding that companies that have experienced an attack have access to a significant amount of data about why the breach happened. Therefore, he suggests doing a root-cause analysis and using data-driven defense to prevent future breaches instead of “broad brushstrokes” to shore up systems.

Maley says that all companies with an internet presence must “pay attention, get back to the basics,” and understand how bad actors think. “We don't think that it's really going to change much in the near future.”