Brian Wallace, Founder & President, NowSourcing

While COVID-19 rages on, a second pandemic is ravaging businesses everywhere.  Since the start of coronavirus, ransomware attacks have risen over 400%.  The costs associated with the attacks will top $20 billion in 2021, or $2 million per business affected.  Even with measures being taken against coronavirus, ransomware will not be defeated as easily.  Current predictions show 75% of organizations facing attacks over the next 5 years.

What has caused ransomware to expand so dramatically?  To start, there are more opportunities out there for attacks to be successful.  In the age of remote work, businesses are using more software and networked devices than ever.  Moreover, it’s lucrative.  Criminals can get multi-million dollar payouts in anonymous Bitcoin with little concern of being brought to justice.  Perhaps most importantly, ransomware has gotten easier to use.  One no longer needs to be a talented hacker to commit cybercrime.  “Gangs” now provide ransomware-as-a service in exchange for 20% or 30% of the ransom.  

Despite the growing threat, businesses are not investing enough in preventing cyber attacks on their systems.  The majority of businesses have an IT security budget of less than $10,000.  That’s less than 1/9th of the salary for an average cybersecurity engineer.  If businesses don’t want to pay millions later, they should consider investing thousands now.  The problem is particularly acute for small and medium businesses.  6 in 10 of them lack even a policy for what to do if they are hit with a cyber attack. 

Can tech bridge the divide?  Not entirely.  Cybersecurity software can do some of the work in preventing ransomware, but it introduces new challenges.  Artificial intelligence solutions aren’t foolproof.  Many are riddled with false positives and excessive alerts.  The average employee has neither the time nor the training to sort false positives from the real threats, and they ignore the AI’s warnings on all matters at their own peril.

Humans and tech need to work together to prevent ransomware.  No matter what software comes out, human expertise is an important part of cybersecurity.  Trained analysts can spot malicious code and warning signs better than average employees. They can understand context, relevance, and attack motivation better than software at this time.  This makes it possible for them to tease out the real concerns from a sea of false positives.  In an ever-expanding world of cyberattacks, businesses need the best in class technology AND cybersecurity expertise.

About the Author: Brian Wallace is the Founder and President of