The Verizon Data Breach Investigations Report survey shows that ransomware is one of the leading variants in breaches. Yet statistically, the share of ransomware remains stable at 24 percent, while there were significant increases in previous years.
Studies around breaches and incidents regularly outline the state of the current security landscape. What they often have in common is that organizations are at high risk because hackers frequently carry out sophisticated attacks. They often know how to find ways to get to companies, something for which they adapt their tactics. So what are the latest trends when it comes to breaches and incidents? We attended a briefing from Verizon Business on the state of the art.
Verizon Business’ DBIR 2023 survey is already the 16th edition of the study. In it, Verizon analyzes data on security incidents. They also include “non-incident data” to provide additional depth and dimensions to the findings on breaches. In this way, Verizon analyzed 16,312 security incidents this year, of which at least 5,199 were data breaches.
So the number of ransomware attacks is high, Verizon’s data show. “Ransomware continues to reign as one of the most common Action types in breaches, and while it didn’t really grow, it remained statistically stable at 24 percent. Ransomware is pervasive in organizations of all sizes and across all industries.”
This is somewhat striking when you juxtapose that fact with the fact that previously the attack frequency was sometimes higher than the five years prior combined. Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business, cites no direct cause for this. However, he does express suspicion that hackers may be struggling to keep the frequency increasing very quickly because it is difficult to keep the pool of cybercriminals growing significantly. It may also be the case that measures taken by organizations are inhibiting further growth, although both causes are unconfirmed.
Verizon names the median cost per ransomware as one of its key findings. Over the past two years, according to the survey data, it has doubled to $26,000, or about $24,300. In doing so, 95 percent of incidents turn out to be losses of $1 to $2.25 million.
Verizon last analyzed such data in 2021. Back then, 90 percent of incidents had no financial loss. That is now a bit better statistically, as 93 percent of incidents now involved no financial loss. One possible explanation here is that backup strategies are a little better set up.
Moreover, Verizon Business’ research shows that 74 percent of breaches involve a human element. This is despite enterprise organizations continuing to invest in critical infrastructure and training around cybersecurity protocols.
One of the most common ways cybercriminals capitalize on humans is by using social engineering. Here, for example, they try to obtain sensitive information from a company through phishing. With an email, the hacker tries to trick the user into clicking on rogue links or attachments. If a phishing email is sent to many employees, in theory only one employee needs to fall for the campaign to gain access to certain sensitive information.
Novak said senior leaders are a growing threat to many organizations. “Not only do they possess an organization’s most sensitive information, they are often the least protected because many organizations create security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must strengthen the protection of their senior leadership now to prevent costly system intrusions,” Novak said.
Embracing best practices
The Managing Director of Cybersecurity Consulting at Verizon Business indicates that social engineering, like ransomware, is a lucrative tactic for hackers. Particularly because of Business Email Compromise attacks, a technique in which criminals impersonate a company employee for financial gain. The median in BECs has increased to $50,000 in recent years, which Verizon says may be contributing to the doubling in pretexting, a tactic around social engineering. Verizon Business indicates that the growth in BEC is particularly challenging for enterprise organizations with a distributed workforce. They will be wise to create and adhere to “human-centric security best practices.”
As far as Verizon Business is concerned, embracing best practices and protocols is the key to more successful security policies. But having current threat data is a good starting point to further get your policies in order.
TIP: DBIR also mentioned that 32 percent of all Log4j scanning activity on an annual basis happens within 30 days of release. As such, the vulnerability had a significant impact. If you’re curious about the current impact of Log4Shell, you can read our recent article.