The median cost per ransomware incident more than doubled over the past two years to $26,000, with 95% of events that resulted in a loss costing upwards of $2.25 million, according to Verizon Business in its newly-released 2023 Data Breach Investigations Report.
Ransomware Exploding
The 16th edition of the highly referenced volume analyzed 16,312 security incidents and 5,199 breaches. Verizon Business found that the number of ransomware attacks in the past couple of years amounted to more than the previous five years combined. In fact, ransomware accounted for nearly one in four (24%) cyberattack methods, the report said.
Human error continued to be a weak link in the ransomware chain, with some involvement in nearly three in four (74%) of events, despite an emphasis on employee training. Phishing and business email compromise are two examples of social engineering that require an employee mistake to propagate.
Chris Novak, Verizon Business managing director of cybersecurity consulting, explained how upper-level management is a “growing cybersecurity threat” for many organizations:
“Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Emails Attacks Double
Here are the key takeaways from the report:
- Business Email Compromise (BEC) attacks have almost doubled across the entire incident dataset. BEC now represents more than 50% of incidents within the social engineering pattern.
- While ransomware did not actually grow, it did hold statistically steady. Ransomware is ubiquitous among organizations of all sizes and in all industries.
- 83% of breaches involved external actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches.
- The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.
Stolen Credentials Most Prevalent Attack Method
Other findings in the 2023 DBIR include:
- While espionage garners substantial media attention, owing to the current geopolitical climate, only 3% of threat actors were motivated by espionage. The other 97% were motivated by financial gain.
- 32% of Log4j vulnerability occurred in the first 30 days after its release, with the biggest spike in activity after 17 days, demonstrating threat actors’ velocity when escalating from a proof of concept to mass exploitation.
- External actors leveraged a variety of different techniques to gain entry to an organization: using stolen credentials (49%), phishing (12%) and exploiting vulnerabilities (5%).
- More than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release, with the biggest spike of activity inside of 17 days, demonstrating threat actors’ velocity when escalating from a proof of concept to mass exploitation.
