While only 30% of U.S. and Canadian small- and medium-sized businesses did not have written incident response plans for ransomware attacks and other cybersecurity threats, 35% of those who did most recently examined their plans over six months ago and 20% did not backup their critical data offline, reports TechRepublic.
Moreover, three-quarters of respondents would only survive three days to a week after being impacted by a successful ransomware attack, according to a CyberCatch report. Law firms were most likely to have no written incident response plans and had the highest odds of reporting three to seven days survival following a ransomware attack.
"Ransomware is an existential threat to SMBs who are a critical part of the supply chain. Foreign adversaries and criminal gangs will increasingly attack SMBs with ransomware to not only extort ransom payments but also use as the entry point upstream to the eventual target, a large company, critical infrastructure, government agency, healthcare organization or other high value target," said CyberCatch founder and CEO Sai Huda.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.