Cyber-attacks and data breaches are on a rise. Surprisingly, ransomware accounted for one out of every four breaches and even the cost per incident doubled over the past two years. These are malicious software (malware) that encrypt an organisation’s data and then extorts large sums of money to restore access. The findings are from the annual Data Breach Investigations Report (2023 DBIR) by Verizon Business.
According to the report, the median cost per ransomware incident doubled over the past two years, with 95 per cent of ransomware incidents resulting in a loss between $1 million and $2.25 million. While the number of ransomware attacks last year was greater than the previous five years combined, it held steady this year as ransomware remained one of the top cyberattack methods, accounting for almost a quarter of all breaches (24 per cent).
Highlighting the causes for the rise of such attacks, Verizon Business said the human element still makes up the overwhelming majority of incidents, accounting for 74 per cent of total breaches. This is irrespective of the fact that enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. This is most commonly done by social engineering, which refers to manipulating an organisation’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.
Other than social engineering, espionage and external actors such as using stolen credentials, phishing and exploiting vulnerabilities were the common ways to gain access to an organisation.
“Senior leadership represents a growing cybersecurity threat for many organisations,” said Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. “Not only do they possess an organisation’s most sensitive information, they are often among the least protected, as many organisations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
The report analysed 16,312 security incidents and 5,199 breaches.