
Breach report

by Mark Rowe

Verizon Business has released its 16th annual Data Breach Investigations Report (2023 DBIR) on cyber incidents. The US firm found that the median cost per ransomware incident more than doubled over the past two years to $26,000, with 95 per cent of incidents that incurred a loss costing between $1 and $2.25m.

The human element is still involved in the overwhelming majority of incidents, and is a factor in 74 per cent (about three-quarters) of all breaches.

Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business, said: “Senior leadership represents a growing cybersecurity threat for many organizations. Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Like ransomware, social engineering is a lucrative tactic for cybercriminals, especially given the rise of its use to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC). The median amount stolen in BECs has increased over the last couple of years to $50,000, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year. With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices.

While espionage attracts media attention, owing to geopolitics, only 3pc of threat actors were motivated by espionage. The other 97pc were motivated by financial gain, according to the findings.

And Craig Robinson, Research Vice President at IDC, said: “Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it’s not lost on business leaders, as it is front and center at the board level. Verizon’s Data Breach Investigations Report provides deep insights into the topics that are critical to the cybersecurity industry and has become a source of truth for the business community.”

View the report at: https://www.verizon.com/business/resources/reports/dbir/.

Comments

Jasson Casey, CTO at Beyond Identity, said: “Even for seasoned security professionals, there can be misconceptions of the main causes of ransomware attacks. Attackers don’t break in, they log in. A significant majority of ransomware breaches are as a result of stolen credentials, cementing it as one of the most tried-and-true access methods in the past four years. Antiquated authentication methods – be it passwords or traditional MFA [multi factor authentication] – continue to put organisations at risk. No matter how many letters or variations a password has, and whatever one-time passwords or push notifications it is “supported” with, they will never be secure.

“It’s time organisations shut the front door on the main way adversaries gain initial access to systems, stopping any future ransomware attacks in their tracks.”

Julia O’Toole, CEO of cyber firm MyCena Security Solutions, said: “The much-anticipated Verizon DBIR gives organisations great intelligence into what and how breaches occur and helps them allocate their security budgets to counter the most prevalent threats. Based on the data, this year again, the vast majority of breaches include the human factor, whether error, misuse, social engineering or stolen credentials.

“Unsurprisingly, attackers find it far easier and cheaper to phish a password than to find an exploitable vulnerability in an organisation’s systems. And once on the inside, nearly 95pc of all breaches lead to an attempt to extract money from the organisation, with 24pc of breaches leading to a ransomware attack.

“Organisations can now take this data and look for the best way to protect themselves from phishing scams and ransomware. The easiest way to achieve this is to remove login credentials from users’ knowledge.

“When employees don’t know their work passwords, it is impossible for them to hand them out in phishing scams, which removes the vast majority of breaches. To achieve this, organisations can implement access segmentation and encryption management solutions and distribute strong encrypted employee passwords centrally from a console.

“With passwords being encrypted, users can’t see them, know them or give them away in any sophisticated attack or phishing scam. With access being segmented for each system, if one password is compromised in a supply-chain attack, only one system is compromised, while others stay secure. As they are unable to spread through the network, criminals cannot siphon huge swathes of data, cause business interruption and conduct ransomware attacks.”


© 2024 Professional Security Magazine. All rights reserved.
