Benchmark your organization against leading TPRM programs and enhance your approach to cyber risks in the supply chain with a risk ratings solution.
Get a free 30-day trial of the RiskRecon portal and see the ratings of up to 50 vendors.
Discover how risk ratings platforms can improve risk management decisions and drive better outcomes in today's evolving business landscape.
Based on analysis of over 600 publicly reported ransomware events, RiskRecon has discovered that criminals are detonating ransomware at targeted organizations seven days a week, leaving no time for enterprises to shore up their security operations.
RiskRecon researchers identified 654 ransomware events that were publicly reported between April 2017 and December 2021. The date the ransomware was activated to encrypt systems was disclosed in 473 of the 654 events. Friday had the highest share, at 19% of all disclosed ransomware detonation events. Wednesday was the second most common day ransomware was detonated, having 17%, followed by Sunday with a 15% share.
“Criminals aren’t taking the weekends off. They are targeting organizations 24 hours a day, seven days a week,” said RiskRecon’s co-founder, Kelly White. “This continuous threat pressure necessitates that organizations operate their security monitoring and response operations at full capability at all times. Delays in responding to ransomware directly translate to increased business downtime. Going undetected and unchecked also gives criminals time to expand the ransomware blast radius.”
The reality of the never-resting ransomware threat has implications for supply chain management as well. Organizations will be wise to know who their critical suppliers are and ensure that their ransomware defenses are operating on par. “It is no longer enough to be concerned only about your own defenses,” explained White. “Organizations are critically dependent on the availability of their vendors and partners. ransomware takes out an essential partner, it can take down your enterprise.”
You rely on your third- and fourth-party vendors to do business, but those vendors also pose risk to your enterprise’s sensitive data. RiskRecon gives you accurate, non-invasive visibility into your vendors’ security postures and then ranks vulnerabilities in order of priority so you know which issues to tackle first.
With our third-party cyber risk assessments, you’ll also be provided with custom-fitted risk action plans so you can immediately start engaging with your vendor for remediation. And if a vendor’s cyber risk degrades or an element falls out of policy, you’ll be notified instantly.