Cybercrime: The frequency and cost of social engineering attacks are skyrocketing

Excerpt from the Verizon 2023 Data Breach Investigations Report:

  • The cost per ransomware attack has doubled over the past two years, and ransomware attacks now account for one in four IT security breaches.

  • Attacks using pretexting (Business Email Compromise) have more than doubled in the past year.
  • The human element is involved in 3 out of 4 attacks.
  • Analysis of the Log4j security incident shows its scope and the effectiveness of a coordinated response.

Dive into the comprehensive report (attached) and find many more results in the analysis of IT crime – including, among other things, how it affects different industries.

Verizon Business has published the results of its annual survey of IT security, the Data Breach Investigations Report (2023 DBIR). The report is published for the 16th time and this year is based on the analysis of 16,312 specific security incidents and 5,199 breaches of IT security. Among the startling results is the sharp increase in the costs associated with ransomware, the type of attack in which malicious software (malware) encrypts an organization's or company's data so that the attackers can then extort large sums of money to restore access to that data.

The median cost per ransomware attack has doubled over the past two years, with 95 percent of cases leading to economic losses of between 1 million and 2.25 million US dollars. The increase in cost coincides with a dramatic increase in frequency. Last year, the number of ransomware attacks was greater than in the previous five years combined. Ransomware attacks now account for nearly a quarter of all IT security breaches (24 percent) and remain one of the most widely used attack methods.

The human element is still involved in an overwhelming majority of IT security breaches – 74 percent of all cases, even though companies are making efforts to protect their critical infrastructure and increase training in cyber security procedures. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization’s sensitive information through tactics such as phishing, where a hacker convinces the user to click on a malicious link or attachment.

“Senior management represents a growing security threat to many organizations,” said Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. “Although they have access to a company’s most sensitive information, they are often among the least protected as many companies exempt them from security procedures. With the growth of increasingly sophisticated cases of social engineering, companies should strengthen the protection of their senior management now to avoid costly attacks on their systems.”

Like ransomware, social engineering is a lucrative tactic for cybercriminals. This is not least due to an increased use of Business Email Compromise (BEC), where the criminals pretend to be company colleagues. The median amount stolen as a result of BECs has risen to $50,000 over the past few years, based on data from the Internet Crime Complaint Center (IC3) – and this has certainly contributed to the doubling of pretexting in the past year. With the growth of BEC, businesses with many employees working from home face a growing challenge to create and enforce security best practices that take the human element into account.

“Globally, cybercriminals continue their relentless efforts to acquire sensitive consumer and business data. The revenue from this amounts to a staggering amount, which both the company’s management and boards are fully aware of,” said Craig Robinson, Research Vice President at IDC. “Verizon’s Data Breach Investigations Report provides deep insight into the topics critical to the cyber security industry and has become a source of fact-finding for business.”

In addition to the increase in social engineering, the 2023 DBIR also highlights the following:

  • Although espionage receives considerable media attention, not least because of the current geopolitical situation, only 3 percent of cybercriminals were motivated by espionage. The other 97 percent were motivated by financial gain.
  • 32 percent of the annual Log4j vulnerability scanning occurred in the first 30 days after its release, showing how quickly cybercriminals move from proof of concept to large-scale exploitation.
  • External actors leveraged a variety of techniques to gain access to an organization, such as using stolen credentials (49 percent), phishing (12 percent), and exploiting vulnerabilities (5 percent).

One of the ways companies can help protect their critical infrastructure is by adopting and adhering to industry-leading procedures and practices. Verizon recently became a participant in the Mutually Agreed Norms for Routing Security (MANRS) project: a global initiative to reduce the most common routing vulnerabilities exploitable by attackers. Participation in MANRS demonstrates Verizon’s commitment to implementing industry-leading security updates and best practices that can help mitigate security threats.


Source: IT-Kanalen by it-kanalen.dk.