
We were glad to see the DBIR finding that “74% of all breaches include the human element” – that aligns with our report’s finding that Insider Error and Insider Misuse are the top two risk themes for average annual probability.
But when it comes to ransomware, we think that the DBIR “buried the lede” based on its own data. “Ransomware continues its reign as one of the top Action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24%,” the 2023 report said (p. 9, fig. 8).
Ransomware did not grow – News alert!
Contrast that writeup with last year’s DBIR:
“This year, Ransomware has continued its upward trend with an almost 13% increase–a rise as big as the last five years combined (for a total of 25% this year).” – 2022 DBIR (p. 7, fig. 6)
The 2022 report went on to note that “Ransomware by itself is really just a model of monetizing an organization’s access.”
Indeed, ransomware is ultimately an end-of-attack-chain monetization strategy, so concrete defenses against ransomware come back to the classics of defending against simple attacks like credential stuffing and phishing.
A couple simple questions, and a little flipping of the script, can help put ransomware back in context.
>>Is ransomware a characteristic of most DBIR events?
No. 76% of DBIR breaches do not involve ransomware! And this year, for the first time in years, it stalled and did not grow YoY.
>>Do other sources corroborate a slowdown or decline in ransomware?
Yes. Some excellent research by Chainalysis notes that “Ransomware payments are significantly down” as more and more firms refuse to pay. This is especially encouraging because it directly undermines that whole ‘monetizing’ motivation.
Finally, our own 2023 Cybersecurity Risk Report ranked ransomware scenarios at the bottom among seven risk themes for average loss exposure (based on probable likelihood and probable financial impact – see p. 3 of the report for more on our methodology).
Why the low ranking on loss exposure? For starters, our study looks out across the entire risk landscape, including the many garden-variety ransomware attacks that infect a few workstations, cost a limited amount of effort by a response team, and never make the headlines. There’s always the standard disclaimer that ransomware may be under-reported by some organizations fearing reputation loss.
But the trend on ransomware, reinforced by the findings in the respected DBIR, looks steady for now, and against all the bad news we get in cybersecurity, that’s worth celebrating.
*** This is a Security Bloggers Network syndicated blog from RiskLens Resources authored by Benjamin Gowan and Justin Theriot. Read the original post at: https://www.risklens.com/resource-center/blog/buried-story-2023-verizon-dbir-ransomware-stopped-growing