Cybercriminals are getting smarter about who they’re targeting, how they’re getting into networks, what they’re threatening to do to businesses, and how much they’re charging.   Meanwhile, employees are helping them into their employers’ networks, even when they know better.  It’s been a busy couple of weeks in cybersecurity news!

Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed

More and more businesses are relying on Office365’s cloud storage, and hackers are now specifically targeting these accounts.  In addition to the wide range of data available to an Office365 admin, it can also be used as part of a software suite to allow users to sign on to other software-as-a-service products that businesses use. [Learn more at ZDNet.]

Stricken electronics firms weigh reward, cost of paying ransom

The new cybercriminal knows how to make companies pay up, and they’re not just locking files away anymore. Garmin’s entire product line was disabled due to ransomware in July, while Xerox and LG had sensitive customer data stolen and leaked bit by bit onto the internet.  Canon is in the worst position of all – customers’ photos were stolen from the company’s cloud server, and could be made public.    [Learn more at SC Magazine.]

Average Ransomware Payment Increases by a Massive 60% in 90 days

Among businesses paying to (hopefully) get their files back, the average ransomware payment increased from $111,000 to $178,000.  The median company targeted in a ransomware attack has increased over the last few years, but only to 100 users – and plenty of smaller companies are included in that average.   The are more types of ransomware active than ever before – the most common one only has a 15% market share, and no other ransomware “products” have more than a 7% market share.    [Learn more at KnowBe4]

Study: People Know Reusing Passwords Is Dumb, But Still Do It

Ninety-one percent of people say they know that reusing a password is a bad idea.  But that doesn’t stop 66% of people from doing it anyway – and admitting to it on a survey.  Another interesting fact – 66% have multi-factor authentication enabled for their own banking accounts, but only 22% have multi-factor authentication enabled for their account on their employer’s network.  [Learn more at Threatpost]