The 2022 State of Ransomware Report

Sophos has released its 2022 ransomware report, based on the real-world experiences of IT professionals last year at mid-sized organizations in 31 different countries. The study concluded that the number of attacks is up, with increasing complexity and impact. About 2/3 of the organizations in the study indicated that they were hit by ransomware in 2021, an increase of 78% over the previous year. Ransomware works by encrypting a company’s data so that the company cannot access it until it pays the ransom. The success rate of these attacks also increased: 65% of organizations had their data encrypted as a direct consequence of the attacks, up from 54% in the previous year. Lastly, 4% of the victims experienced an extortion-only attack, in which data was not encrypted but there was a threat to expose it publicly.

Why 67% of employees violate cybersecurity policies

On 1/20/22, Harvard Business Review published an article by Clay Posey and Mindy Shoss titled “Why Employees Violate Cybersecurity Policies.” The authors explored why employees violate cybersecurity policies, and the results were quite interesting. Contrary to popular belief, their recent study suggests that “the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs.”

