Evolving threat actor tactics are capitalizing on business and technology consolidation to launch widespread ransomware attacks and requiring organizations to rethink how to address new vulnerabilities to stay secure and resilient.

A report from cybersecurity firm Resilience revealed mergers and acquisitions (M&A), along with increased reliance on key software vendors, have created an unprecedented number of potential points of failure for hackers to exploit, leading to some of the most damaging cyber incidents in the past year.

Ransomware continues to dominate as the leading cause of financial loss in cybersecurity, with 64% of ransomware-related claims resulting in a direct loss.

Between 2022 and 2023, the financial severity of these claims surged by 411%. Notable attacks on Change Healthcare and CDK Global, as well as exploitation of the PanOS zero-day vulnerability, were some of the most severe incidents in 2024.

The report also highlights that third-party vendors remain a critical weak link, with 40% of claims in 2024 stemming from breaches or ransomware attacks exploiting supply chain vulnerabilities, such as the Ivanti software flaw.

BlackCat, a prominent ransomware group, was responsible for a significant portion of these attacks, accounting for 18% of covered ransomware losses.

Andrew Bayers, head of threat intelligence at Resilience, said when it comes to M&A, organizations must adopt a risk-centric approach to dealmaking.

“Understanding potential cyber risk should be a top priority during the dealmaking process — not an afterthought,” he said.

By proactively scrutinizing the target organization’s own security vulnerabilities (including disparate employee security cultures), organizations can securely integrate IT systems, prevent unexpected security gaps from forming and stay ahead of threat actors looking to take advantage of those gaps.

“The same strategy rings true for software consolidation,” he added.

No matter how effectively a company defends its own digital environment, it is likely still interdependent on the cyber resilience of others.

As such, the question of an attack is not an “if” but a “when”—meaning that cyber risk management must be elevated to a board-level consideration.

“When organizations take a risk-centric approach, they can understand the hypothetical impact of potential cyber threats and plan for that ‘when’,” Bayers said.

Defense in Depth Strategy Required

Thus far in 2024, claims within the manufacturing and construction spaces have risen sharply.

Bayer explained both legacy industries have lagged in terms of digital transformation, network segmentation and overall cybersecurity.

He said it is probable that running end-of-life (EoL) and end-of-support (EoS) systems, while cost-effective in the short term, leaves them exceptionally vulnerable.

“Many systems and subcontractors, in fact, often access the same temporary networks on-site, and these networks can be flimsy and lack adequate security controls in the rush to quickly spin up a new project,” Bayer explained.

From his perspective, the key to preventing attacks is to implement a strategic and layered (defense in depth) approach to implement more robust cyber defense practices, including access, endpoint, network and email security measures.

“As in any industry, employee security awareness training, third-party risk management, incident response and disaster recovery strategies can go a long way in staying operational while navigating a cyberattack,” he said.

Buoyed by an M&A boom and increasing vendor interconnectivity, ransomware is expected to continue driving more losses and recovery spending over the next year.

Ransomware Attack Severity Continues to Grow

The severity of these ransomware attacks is also likely to continue growing, as criminals have shown to pursue larger ransoms each year.

Bayer said business leaders should brace for a treacherous ransomware threat landscape.

“If they can conceptualize attacks as inevitable rather than a far-off possibility, they can better prepare through investment in cybersecurity people, processes and technology—and thus bounce back faster with minimal business disruption,” he said.