HR Tech Number of the Week: Ransomware attacks

U.S. businesses are a prime target for ransomware attacks, and HR departments are particularly enticing for cyber thieves.
By: | November 23, 2021

The world may have shut down during the global pandemic, but hackers got down to business. According to research by encrypted cloud service provider NordLocker, U.S. organizations were the top target for ransomware attacks with 732 reported cases last year, followed by the UK with 74 cases, Canada at 62, and France and Germany at 58 and 39 respectively. NordLocker estimates that 37% of businesses worldwide became victims of ransomware cyberattacks in 2020.

(As a primer, ransomware attacks are data breaches in which data is stolen and IT system passwords are changed to enable hackers to threaten the dissemination of business data and denial of the use of an organization’s IT systems.)

What does this mean for HR leaders?

Everyone working in human resource departments must be made aware that their systems are a prime target for hackers looking to cripple an organization, according to Oliver Noble, a cybersecurity expert at NordLocker. Because HR departments house employee data such as employee bank information, Social Security numbers and such identification information as driver’s license and passport details, HR is an enticing target for digital thieves.

“HR companies have a lot of responsibility, storing data ranging from sensitive personal details to some confidential business filings, which in the event of a systems breach could be held as substantial leverage by the perpetrators, making the firm more likely to pay up,” says Noble.

According to research from NordPass, a division of NordLocker, HR employees often use weak passwords. In fact, one of the most popular passwords is “password,” according to the research. “This is alarming as weak passwords make it very easy for hackers to access accounts. And hackers always look for the weakest link,” says Noble. “An easy-to-guess or stored-in-plain-text password, out-of-date software, or unsecured Wi-Fi networks don’t usually take long to find.” 

Employees are often the weakest link in an organization’s IT security and everyday human error remains a major cause of data breaches, says Noble. “Staff who are unaware of the risks and don’t know how to properly act once they’ve encountered one is what drives the entire cybercriminal business,” he says.

Paying the ransom does not always guarantee that the perpetrators will return the data and the systems to working order. “In case of a refusal to pay the ransom or even if demands are complied with, the high-value data could be leaked or sold on the dark web,” says Noble, “emphasizing the necessity for a tight cybersecurity system for firms operating in the HR industry.” 

Phil Albinus is HR Tech Editor for HRE. He has been covering personal and business technology for 25 years and has served as editor and executive editor for a number of financial services, trading technology and employee benefits titles. He is a graduate of SUNY New Paltz and lives in the Hudson Valley with his audiologist wife and three adult children. He can be reached at palbinus@lrp.com and followed on Twitter @philalbinus.