Insiders have found that every 11 seconds, a business falls victim to a ransomware attack. Attacks are relentless. The exact numbers vary significantly depending on how you define an attack, but some reports claim that as many as 5.5 billion malware attacks and 6.3 trillion intrusion attempts occur each year. These are overwhelming numbers to be sure.
The costs of these attacks range in the billions annually, spread across all attacks. According to Ricoh USA, ransom payments from individual organizations averaged $3,960,917 in 2024, a 2.6 percent increase from 2023. An estimated 46 percent of respondents said their overall business losses were between $1 million and $10 million, and 16 percent reported their losses as more than $10 million. Downtime, legal fees, data loss, lost opportunities, reputation repair, and other recovery costs were not included in these costs.
Ransomware attacks have evolved from sporadic disruptions to systematic campaigns that paralyze entire organizations. While traditional phishing attacks still claim victims, cybercriminals employ increasingly sophisticated techniques that leverage web application vulnerabilities and other approaches to grab our attention and do their worst.
To counteract this growing menace, leaders—especially those in positions of leadership and with influence on training and prep programs—need to consider a holistic defense strategy that goes beyond user training to incorporate endpoint and application security. As these threats evolve, so must our defenses.
The Evolution of Ransomware Tactics
Ransomware tactics continue to grow in sophistication and agility, and traditional security measures struggle to keep pace. Once limited to phishing emails, attackers exploit trusted web applications to access sensitive systems. Attack techniques like Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Open Redirect allow attackers to manipulate application behavior or redirect users to malicious sites, making ransomware payloads more challenging to detect and block.
We’re seeing attacks in which cybercriminals inject malicious scripts into trusted web pages. This enables attackers to steal session cookies or plant ransomware on trusted sites and web properties.
Another example we’re seeing is CSRF attacks that exploit authenticated user sessions to trigger unauthorized actions, like modifying system security settings or deploying malware across an organization. Unfortunately, open redirect attacks are making their way into the organizations you’re paid to protect, which are created to deceive users with legitimate-looking URLs that lead visitors to compromised sites.
Alas, these advanced techniques illustrate how attackers are weaponizing vulnerabilities in everyday systems to bypass defenses. What can you do about it?
The Role of Training in Cybersecurity
First, you’ve got to understand how these exploits work. This is essential for trainers and HR leaders to create effective cybersecurity training programs. Here’s how training professionals can contribute to a multi-layered defense strategy:
1. Endpoint Security Training
Educate employees on the importance of endpoint security and how to recognize potential threats. Provide teaching opportunities for employees to watch for signs of ransomware, such as unusual file encryption or system behavior. Provide guidelines on what to do if they suspect an endpoint is compromised, including how they can report suspicious activity.
Conduct hands-on training workshops where employees can practice identifying and responding to potential ransomware threats, and keep training materials up-to-date with the latest threat information and security practices.
2. Application Security Training
Any successful training program for organizations that develop software requires regularly raising awareness about common application vulnerabilities and how they can be exploited. Explaining the basics of XSS, CSRF, and Open Redirect attacks is crucial. Use real-world examples to illustrate how these attacks occur and their potential impact on the organization.
Employ interactive e-learning modules that explain vulnerabilities, discuss coding security best practices, and include enough interactivities and quizzes to reinforce learning. These are simple but powerful learning tools. Don’t overlook real-world scenarios and incidents where these vulnerabilities were exploited, highlighting the consequences and lessons learned.
3. User Awareness Training
Empower employees to recognize and respond to phishing attempts and other social engineering tactics. How? Like in the previous example, employ dynamic training programs that simulate real-world scenarios, such as ransomware and QR phishing. Encourage employees to report suspicious activities and provide clear steps for doing this. Employees will be hesitant to report incidents, so it is crucial that they feel comfortable doing so and know when to reach out for assistance.
Then, as you move forward with all the pieces in place, conduct regular phishing simulations to test and improve employees’ ability to identify and report phishing attempts, and establish and communicate clear procedures for reporting suspicious activities.
Implementing a Multi-Layered Defense Strategy
Combatting sophisticated ransomware threats requires a coordinated, multi-layered approach that integrates training with technical defenses. Advanced endpoint solutions, for example, act as a frontline defense, detecting and neutralizing ransomware before it can execute.
Your IT teams should conduct regular application security testing, including penetration testing and vulnerability scanning that is crucial for identifying and addressing vulnerabilities. Training programs for IT professionals should include modules on secure network practices and timely patching.
While training is critical, it must be regularly updated to address new threats as they arise. The cyberthreat landscape is always evolving, and your training courses and materials must do so as well.
Continual evolution required
Training professionals play a critical role in this defense strategy. By developing and delivering effective cybersecurity training programs, you can ensure that employees are prepared to recognize and respond to threats, ultimately strengthening the organization’s security posture.
Given your position, you know it’s crucial to adopt a comprehensive approach to cybersecurity that includes endpoint security, application security, and security awareness training. By empowering employees through effective training programs, HR and training professionals can play a pivotal role in safeguarding your organization against ransomware attacks.
Trainers can ensure their programs remain relevant and practical by staying proactive and continuously updating their knowledge on emerging threats. Together with robust technical defenses, well-informed employees form the backbone of an organization’s cybersecurity strategy.
