This Month in Security with Tony Anscombe – March 2026 Edition

WeLiveSecurity, Mar 31, 2026

Why It Matters

These developments underscore escalating data‑theft tactics, weakened privacy protections, and the growing effectiveness of coordinated law‑enforcement actions, all of which reshape enterprise risk profiles.

Key Takeaways

  • Stryker breach exposed 200k devices, 50 TB data loss
  • 77% ransomware attacks involved data theft in 2025
  • Instagram ending private message encryption raises privacy concerns
  • Europol dismantled Tycoon 2FA phishing platform, cutting 62% phishing
  • Attackers increasingly exploit built‑in Windows utilities

Pulse Analysis

The surge in ransomware‑driven data theft signals a strategic shift among cybercriminals. By 2025, three‑quarters of ransomware incidents included data exfiltration, a stark rise from the previous year. This trend reflects attackers’ dual‑extortion model, where stolen data becomes leverage for higher ransom payouts. Enterprises must therefore augment traditional backup strategies with robust data loss prevention, continuous monitoring, and rapid incident response to mitigate both encryption and exposure risks.

The Stryker incident illustrates how high‑value targets in the medical‑technology sector remain vulnerable to nation‑state‑aligned hacktivist groups. The loss of 200,000 endpoints and 50 TB of proprietary information not only disrupts operations but also raises regulatory scrutiny under HIPAA and GDPR equivalents. Simultaneously, Instagram’s decision to discontinue end‑to‑end encryption for private messages erodes user privacy expectations, potentially prompting a migration to more secure platforms. Companies should reassess their communication tools, enforce strong authentication, and educate users on the limits of platform security.

Law‑enforcement successes, such as Europol’s takedown of the Tycoon 2FA phishing service, demonstrate that coordinated action can cripple large‑scale credential‑harvesting operations. However, the persistence of phishing—especially targeting two‑factor authentication—means organizations must adopt phishing‑resistant authentication methods, like hardware security keys, and continuously train staff to recognize sophisticated lures. The combined pressure from advanced ransomware tactics, privacy‑policy shifts, and proactive policing creates a dynamic threat landscape that demands layered defenses and adaptive security cultures.
