Ransomware has become one of the most pressing cybersecurity challenges of our time. The frequency of attacks has skyrocketed, and the financial toll on businesses is staggering. Yet despite these headlines, the industry often overlooks the root causes—phishing and weak credentials—that make these attacks possible in the first place.
The Scale of the Problem
To put the crisis in perspective, ransomware incidents occur so frequently that hundreds of attacks unfold in the time it takes to read a few sentences. In 2018, more than half of organisations reported being targeted. By 2023, that figure had jumped to nearly three-quarters. Beyond the disruption, the financial impact is devastating. Some UK companies have admitted paying ransoms in the millions, while many others spend equally eye-watering sums on recovery even when no ransom is paid.
How Ransomware Gets In
Ransomware is straightforward in its approach: once inside a system, it encrypts critical files and demands payment for their release. But the key question is how attackers get access in the first place.
- Phishing: Fake emails and malicious links lure users into opening doors to malware.
- Credential theft: Stolen or weak passwords allow hackers to pose as legitimate users.
- Unpatched software: Vulnerabilities in outdated systems provide an easy entry point.
- Backdoors: Deliberately inserted malicious code creates hidden access channels.
These few techniques explain the vast majority of ransomware incidents, which raises the obvious question—why aren’t businesses focusing on shutting them down?
The Problem with Current Defences
Many organisations rely on outdated multi-factor authentication (MFA) solutions to combat phishing-driven threats. First-generation MFA tools—like one-time codes, push notifications, or QR logins—still leave gaps. Attackers can intercept tokens or exploit flaws through man-in-the-middle attacks.
Worse still, these systems often centralise credential data, creating a single point of failure. If hackers break into the database, they can compromise countless accounts at once. High-profile breaches have already shown how costly and damaging this vulnerability can be.
A Shift in Strategy
To turn the tide, businesses must stop focusing solely on detection and instead embrace prevention. The next generation of MFA provides a way forward. These modern systems eliminate phishable elements like passwords and verification codes. Instead, they tie access directly to a trusted device combined with secure verification methods such as biometrics or hardware-protected PINs.
Crucially, credentials are stored locally within a device’s Trusted Platform Module (TPM), not in a central database. That means attackers cannot steal them remotely, nor can they intercept codes that no longer exist. To gain access, a criminal would need both the physical device and the user’s credentials, making remote compromise virtually impossible.
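The sign-in flow described above, sketched as an added example (not code from this article or from any product): the server stores only a public key and verifies a signature over a fresh challenge. It assumes the device signs the challenge together with the origin it is connected to, as WebAuthn/FIDO2 authenticators do, and it uses a toy standard-library Schnorr signature in place of a TPM-held key; `Device`, `Server` and the origins used with them are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr signature over Z_p* with p = 2^521 - 1 (a Mersenne prime), stdlib only.
# ASSUMPTION: it stands in for a TPM-held key; production uses vetted ECDSA/EdDSA.
P, G, ORDER = 2**521 - 1, 3, 2**521 - 2

def _h(r, origin, challenge):
    """Hash (commitment, origin, challenge) to an integer; parts hashed separately."""
    parts = (r.to_bytes(66, "big"), origin.encode(), challenge)
    return int.from_bytes(hashlib.sha256(
        b"".join(hashlib.sha256(p).digest() for p in parts)).digest(), "big")

class Device:
    """Hypothetical authenticator: the private key never leaves this object."""
    def __init__(self):
        self._x = secrets.randbelow(ORDER - 1) + 1
        self.public_key = pow(G, self._x, P)

    def sign_in(self, origin, challenge):
        # Sign the challenge bound to the origin the device is actually talking to.
        k = secrets.randbelow(ORDER - 1) + 1
        r = pow(G, k, P)
        return r, (k + _h(r, origin, challenge) * self._x) % ORDER

class Server:
    """Hypothetical relying party: its database holds public keys only."""
    def __init__(self, origin):
        self.origin, self.db, self.pending = origin, {}, {}

    def register(self, user, public_key):
        self.db[user] = public_key

    def new_challenge(self, user):
        self.pending[user] = secrets.token_bytes(32)
        return self.pending[user]

    def verify(self, user, response):
        challenge = self.pending.pop(user, None)  # single use, so replays fail
        r, s = response
        if challenge is None or user not in self.db or not 0 < r < P:
            return False
        # Recompute the hash with the server's own origin, not one the client claims.
        e = _h(r, self.origin, challenge)
        return pow(G, s, P) == (r * pow(self.db[user], e, P)) % P
```

A response signed for any other origin, or replayed after its challenge was consumed, fails `verify()`, and nothing in `Server.db` can be used to produce a valid signature.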
Why Prevention Must Be the Priority
As long as businesses continue investing in outdated tools, attackers will find ways around them. Prevention—rather than reaction—has to become the guiding principle. That means reducing reliance on passwords, eliminating phishable factors, and adopting stronger identity-based security rooted in device trust.
The bottom line is simple: ransomware thrives on weak entry points. By addressing phishing and credential theft head-on, businesses can stop attacks before they start, protecting not just their data but also their reputations and long-term viability.