However, Dave Chorister, founder of Parameter Security, said that this concept of lesser-skilled attackers is really nothing new. "From an enterprise security standpoint, the threats are still the same. The difference is the amount of actual attacks you may have," Chorister said.
Because they should all have backups, "Ransomware should be at the maximum a hassle. They are not going to find the extremely sophisticated attack that can allow someone to bypass the security controls in place, except maybe in DDoS," Chorister said.
Even though they are able to capture or rent a fairly large botnet for a pretty low price and cause some significant outage, Chorister said, "I've never heard of a legitimate case where DDoS has allowed someone to gain access. There should be no greater risk."
Backing up the data on premises and segmenting the network are solutions that should stop a lot of these attacks. "But replication is not backup. If they are using Dropbox or Google Drive, that's replication, not backup."
Chorister said that basic controls stop a lot of this. "It's really easy to get concerned. These risks are always going to be there with criminals renting or writing the attack. We have to keep our environment secure and never pay a fee for ransomware."
A ransomware attack is the easiest thing to prevent, said Chorister. "And if they have to pay, consider it their fine for not backing up."