Ransomware volumes grew faster than ever in 2021
Cyber safety consultants would have needed to have spent a lot of the previous yr hiding beneath a rock to have missed the rise in the amount of profitable ransomware attacks throughout 2021, however in keeping with figures launched right now in Verizon’s 2022 data breach investigations report (DBIR), the year-on-year (YoY) bounce seen final yr was higher than the previous 5 years mixed.
Verizon’s Threat Research Advisory Centre (VTRAC), along with extra than 80 impartial business contributors, noticed a 13% enhance in ransomware breaches final yr. It mentioned that as cyber criminals leverage more and more subtle instruments, ransomware was proving significantly profitable at exploiting – and monetising – unlawful entry to knowledge.
This is the fifteenth yr that Verizon has revealed its landmark DBIR report. For the newest version, its knowledge was drawn from a complete of 23,895 safety incidents of which 5,212 have been confirmed breaches.
Verizon’s crew mentioned it was attainable to attribute roughly 80% of those breaches to organised crime, with exterior actors about 4 occasions extra more likely to trigger breaches in an organisation than malicious insiders. However, it additionally discovered there was a “human element” concerned in round 82% of them, largely resulting from three elements – social engineering, abuse of privilege, and easy human error.
2021 was additionally noteworthy for the emergence of safety incidents that started in the sufferer’s provide chain – the SolarWinds and Kaseya breaches being the obvious examples of such assaults, with such organisations performing as “force multipliers” for cyber criminals. Indeed, the VTRAC crew discovered that 62% of system intrusions originated by way of an organisation’s companion.
“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real time. But nowhere is the need to adapt more compelling than in the world of cyber security,” mentioned Hans Vestberg, CEO and chairman of Verizon.
“As we continue to accelerate toward an increasingly digitised world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure and customers protected.”
Fundamentals
Verizon mentioned its newest report demonstrated there have been 4 key paths resulting in compromise – botnets, credentials, phishing, and vulnerability exploits – with all of them pervasive and no organisation correctly secured with out an applicable plan to handle them.
As ever, it mentioned, it behoves safety groups to concentrate to some basic facets of safety controls – knowledge safety, safe configuration of property and software program, account administration, entry management, and employees consciousness and coaching.
DBIR lead creator Dave Hylender added: “Entering its fifteenth yr, Verizon’s Data breach investigations report stays the main authority on assessing the numerous cyber safety threats that organisations proceed to face.
“And while the report has evolved, the fundamentals of security remain the same. Assess your exposure, mitigate your risk, and take appropriate action. As is often the case, getting the basics right is the single most important factor in determining success.”
Rick Holland, CISO and technique vice-president at DBIR contributor Digital Shadows, commented: “If I had to sum up this year’s DBIR, the more things change, the more they stay the same. The use of stolen credentials, phishing, and vulnerabilities remains the top way threat actors gain initial access to organisations. Companies are spending billions of dollars on defence, yet these problems persist.”
