The Federal Bureau of Investigation (FBI) is warning companies in the United States to be alert to the risk of dual ransomware attacks, in which the same organization is targeted more than once in quick succession.
The warning came in an FBI private industry notification dated 27 September 2023: “The FBI noted a trend of dual ransomware attacks conducted in close proximity to one another. During these attacks, cyber threat actors deployed two different ransomware variants.”
The FBI also pointed out that a range of ransomware tools are being used in different combinations – with potentially devastating consequences for targeted companies. “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Second ransomware attacks against an already compromised system could significantly harm victim entities.”
In most cases, the second attack has come within 48 hours of the first, but the period between attacks has been as long as 10 days.
To mitigate the risks from dual ransomware attacks, the FBI recommends companies review their security posture, maintain offline back-ups of critical data and ensure those back-ups are encrypted.
A report into employment challenges in the cybersecurity sector finds companies around the globe are failing to fill millions of vacant positions. The Information Systems Audit and Control Association (ISACA), which has 170,000 members in 188 countries, has published its 2023 State of Cybersecurity global update.
The report, which details the opinions of 2,178 members who responded to a global survey, found the industry was failing to attract recruits to fill positions from entry-level right up to C-suite roles.
Looking to the future, ISACA sees no short-term solution to the staffing challenges in the sector and a rising demand for skilled cybersecurity specialists.
The report’s findings align with the World Economic Forum’s Global Cybersecurity Outlook, 2023, which reveals that 59% of business leaders and 64% of cyber leaders rank talent recruitment and retention as key challenges for managing cyber resilience. Additionally, fewer than half of the respondents reported having the people and skills needed today to respond to cyberattacks.
According to the Forum’s Future of Jobs 2023 report, cybersecurity is among the top strategically emphasized skills for the workforce. Yet, there is a shortage of 3.4 million cybersecurity experts to support today’s global economy.
A less traditional approach to training and recruitment in the cybersecurity sector, focused on diversity and a less rigid reliance on qualifications, could significantly widen the pool of available talent.