As organizations adjusted to pandemic-induced remote work, cybersecurity experts worried that cybercriminals would take advantage of relaxed security habits, and that if that happened, the aftermath could include massive cyberattacks.

Well, during the worst of Covid-19, phishing campaigns skyrocketed, many of them centered on coronavirus concerns, testing, and later, vaccines. And now we are seeing the impact of those campaigns – a surge in ransomware attacks. Sophos has reported that 51% of organizations worldwide were the target of a ransomware attack in the past year, with criminals successfully encrypting data in 73% of those cases. At this point, not only does each new ransomware announcement seem bigger than the last, but we are seeing how ransomware affects everyday life. After a short reprieve, threat actors have resumed their assault on healthcare, taking down access to equipment like MRI and X-ray machines as well as to patient data.

While many of the attacks have targeted small and mid-size businesses – even my local veterinarian had their records encrypted – they have also gone after bigger fish, most significantly in the critical infrastructure pond. The Colonial Pipeline attack created a panic that led to gas shortages. Cybercriminal groups like REvil have shut down food-source supply chains and are now responsible for the latest ransomware attack, on software vendor Kaseya, which has impacted hundreds of companies worldwide. REvil is demanding $70 million from Kaseya, the largest ransom yet, at least as of this writing.

Given how quickly ransomware attacks are happening, and with larger and more critical targets, it won't be long before we see ransoms upwards of $100 million.
CISA released a warning that operational technology assets and controls are a rising target for ransomware attacks.

It's all about the end game – financial gain for criminals

Where in the system the ransomware first appears doesn't matter. If an organization is hit, incident response teams will need to tell leadership to shut everything down until the attack is contained. You can't take the risk that the threat will spread to everything else and give the cybercriminals the ability to "island hop" between clusters and infect whatever remains. The threat actors have one primary end game, and that is to make as much money as possible. They don't care how much destruction they cause as long as they get paid.

Every organization is susceptible to ransomware, but some are at greater risk than others. Two organizations could appear almost identical – same industry, same regulations, similar approach to cybersecurity – and yet one is more likely to be attacked than the other. Some of that is due to human behavior: one mistaken click on a phishing email by a vendor's employee can take an otherwise secure company down the ransomware rabbit hole.

There are many issues at play that increase your organization's susceptibility, and the security industry is only starting to understand the critical factors that make one organization stand out as a softer target. For example, data derived from scanning publicly visible remote administration ports, email configuration parameters, application and operating system patch levels, and other aspects of the overall IT architecture can be used to derive a relative risk profile.
Combining this data with other factors, such as the volume of the organization's credential data found on the dark web, makes it possible to estimate whether adversaries are more or less likely to attack, in particular relative to others in the same industry or to organizations that have been attacked previously.

Solutions exist that use machine learning to help organizations create a risk score based on their vulnerabilities, and even extend the vulnerability rating to the third parties in their supply chain. What happened to Target a few years ago should have been a wake-up call regarding third-party risk, but too many companies still ignore the fact that an error or vulnerability in a vendor's system can result in an attack on them. The bad guys can easily tunnel through those smaller third parties into a company where real damage can be done and more money can be made.

What ransomware susceptibility looks like

How does your company answer the following questions?

Financial impact. How big is the risk you are facing given your cybersecurity posture, and how do you balance that against security spending based on the potential financial loss?

Cyber vulnerability. How vulnerable is your organization to a cyberattack?

Third-party risk. Do you know your third-party risks?

Attacker's view. How do outside attackers see you? Attackers have more insight into your company than you may realize, even if that insight comes from attacks on other organizations in your industry. They know what happens when critical infrastructure is hit; they saw the reaction to the Colonial Pipeline attack, for example, and they will look to exploit similar companies with similar vulnerabilities.

Depending on how companies answer these questions, an analysis derived from ML and AI can provide insight into how you compare with companies that have suffered a ransomware attack, and how you can avoid becoming the next victim.
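The relative risk profile described above (exposed remote administration ports, email anti-spoofing configuration, patch lag and leaked credentials, compared against industry peers and known victims) can be sketched in code. The block below is an added example, not the article's own method and not any vendor's scoring model: every weight, threshold, port list and sample organization in it is a constructed assumption chosen to show the shape of such a score, and a real model would need to calibrate these against actual incident data.

```python
"""
Added example: a toy ransomware-exposure score built from the externally
observable signals the article lists. All weights, thresholds and sample
organizations are constructed assumptions, not measured values.
"""
from dataclasses import dataclass
from typing import Optional

# Remote administration services commonly reachable from the internet, with a
# constructed weight each (RDP and SMB are the usual ransomware entry points).
REMOTE_ADMIN_PORTS = {
    3389: ("RDP", 4.0),
    445: ("SMB", 4.0),
    5900: ("VNC", 3.0),
    23: ("Telnet", 3.0),
    5985: ("WinRM", 2.0),
    22: ("SSH", 1.0),
}


@dataclass
class ExternalSnapshot:
    """What an outside scanner can see about one organization (constructed)."""
    name: str
    open_ports: list             # TCP ports found open on public IPs
    spf: bool                    # SPF record present for the mail domain
    dmarc_policy: Optional[str]  # "reject", "quarantine", "none", or None if no record
    patch_lag_days: int          # age of the oldest missing patch on a public service
    leaked_credentials: int      # credential pairs for the domain seen in dumps


def score_remote_admin(open_ports):
    """Weighted sum of exposed admin ports, capped at 10; returns (score, findings)."""
    findings, total = [], 0.0
    for port in open_ports:
        if port in REMOTE_ADMIN_PORTS:
            service, weight = REMOTE_ADMIN_PORTS[port]
            findings.append(f"{service} ({port}) reachable from the internet")
            total += weight
    return min(total, 10.0), findings


def score_email(spf, dmarc_policy):
    """Weaker anti-spoofing configuration makes convincing phishing easier."""
    policy = dmarc_policy.lower() if isinstance(dmarc_policy, str) else None
    dmarc_weight = {"reject": 0.0, "quarantine": 1.0, "none": 3.0}
    findings, total = [], dmarc_weight.get(policy, 4.0)  # unknown/missing = worst
    if policy != "reject":
        findings.append(f"DMARC policy is {policy or 'missing'}")
    if not spf:
        findings.append("no SPF record")
        total += 2.0
    return total, findings


def score_patching(patch_lag_days):
    """Older unpatched internet-facing services mean more usable exploits."""
    if patch_lag_days <= 30:
        return 0.0, []
    level = 2.0 if patch_lag_days <= 90 else 4.0 if patch_lag_days <= 180 else 6.0
    return level, [f"public service unpatched for {patch_lag_days} days"]


def score_credentials(n):
    """Leaked credentials give attackers a login instead of an exploit."""
    if n == 0:
        return 0.0, []
    level = 1.0 if n < 10 else 3.0 if n < 100 else 5.0
    return level, [f"{n} leaked credential pairs found"]


def exposure(snapshot):
    """Return (total score, human-readable findings) for one organization."""
    parts = [
        score_remote_admin(snapshot.open_ports),
        score_email(snapshot.spf, snapshot.dmarc_policy),
        score_patching(snapshot.patch_lag_days),
        score_credentials(snapshot.leaked_credentials),
    ]
    total = sum(score for score, _ in parts)
    findings = [f for _, found in parts for f in found]
    return total, findings


def relative_risk(target, peers):
    """Fraction of industry peers that score strictly lower than the target."""
    t = exposure(target)[0]
    return sum(1 for p in peers if exposure(p)[0] < t) / len(peers)


def gap_to_victims(target, victims):
    """Score distance to the least-exposed known victim (<= 0 means at victim level)."""
    t = exposure(target)[0]
    return min(exposure(v)[0] for v in victims) - t


# Constructed sample data: three peers and one peer that was already hit.
PEERS = [
    ExternalSnapshot("Peer-A", [443], True, "reject", 14, 0),
    ExternalSnapshot("Peer-B", [443, 22], True, "quarantine", 60, 5),
    ExternalSnapshot("Peer-C", [22, 5900], True, "none", 100, 20),
    ExternalSnapshot("Victim-D", [3389, 445, 443], False, None, 200, 150),
]
TARGET = ExternalSnapshot("Acme", [3389, 443, 22], True, None, 120, 40)

if __name__ == "__main__":
    score, findings = exposure(TARGET)
    print(f"{TARGET.name}: score {score}")
    for f in findings:
        print("  -", f)
    print("more exposed than", f"{relative_risk(TARGET, PEERS):.0%}", "of peers")
    print("points below least-exposed victim:", gap_to_victims(TARGET, [PEERS[3]]))
```

The point of the structure, rather than the particular numbers, is that each signal yields both a score contribution and a concrete finding a defender can act on (close the RDP exposure, publish a DMARC reject policy), and that the total is only meaningful relative to a peer set and to organizations known to have been hit.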