Earlier this month Europol released their annual Internet Organised Crime Threat Assessment about the cybercrime landscape.
Independent parties and industry experts have digested the information and are now providing feedback and additional insight on the data provided in the report. A recent article, Europol Report on Organized Cybercrime Highlights Crypto Ransomware As Top Threat, outlines key takes and comments on the fact that technologies, such as encryption, carry with them new types of risk. In the article Raphael Reich, Vice President of CyCognito, comments on why ransomware is on the rise:
“Many organizations are unintentionally opening themselves to attacks on their sensitive
data via exposed pathways in their IT ecosystems. They are unaware of these entry points
because they have not fully mapped their attack surface.
They don’t know where they have exposed servers, applications and other IT assets, and they
also don’t know when and where their third-party vendors, partners or subsidiaries leave
systems, applications and infrastructure exposed. This all creates shadow risk.”
The report’s Executive Summary states, “New threats do not only arise from new technologies but, as is often demonstrated, come from known vulnerabilities in existing technologies.”1 At CyCognito we agree. The challenge we see consistently though is that organizations are blind to many of their existing technologies and assets, and therefore the attack vectors and vulnerabilities they harbor. That’s why we strongly advocate for organizations to map their attack surface the way attackers would, so they can discover those blind spots and eliminate their shadow risk.
 Internet Organised Crime Threat Assessment, Page 8: