Median ransomware payment doubles to $26,000, Verizon says

Hackers launched more ransomware attacks on companies in the last two years than the previous 5 years combined, study finds.

Businesses are paying out soaring sums to retrieve their data after hackers encrypt their accounts, according to a report released this week by Verizon Business, the enterprise solutions division of the wireless data network provider.

The damage is caused by ransomware, which is malicious software (also known as malware) that encrypts an organization’s data and then extorts large sums of money to restore access, the Basking Ridge, New Jersey-based company said. That conclusion came from Verizon’s 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches.


Ransomware remains one of the top cyberattack methods, representing almost a quarter of all breaches (24%). Its frequency has risen dramatically: over the past couple of years, the number of ransomware attacks was greater than in the previous five years combined, Verizon said.

Part of the reason that ransomware is so popular with hackers is that it’s effective: The median cost per ransomware incident more than doubled over the past two years to $26,000.

In the overwhelming majority (74%) of incidents, hackers gain access to companies’ files through the human element, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization's sensitive information through tactics like phishing, in which a hacker tricks the user into clicking on a malicious link or attachment.

Executives are particularly vulnerable. “Senior leadership represents a growing cybersecurity threat for many organizations,” Chris Novak, managing director of Cybersecurity Consulting at Verizon Business, said in a release. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Another lucrative social engineering tactic for cybercriminals is Business Email Compromise (BEC), in which attackers impersonate enterprise employees for financial gain. The approach is especially effective when applied to businesses with distributed workforces, since they are challenged to create and strictly enforce human-centric security best practices for their remote employees. The median amount stolen in BECs has increased over the last couple of years to $50,000, based on Internet Crime Complaint Center (IC3) data.

And that trend might have contributed to a near doubling this past year of “pretexting,” an invented scenario that tricks someone into giving up information or committing an act that may result in a breach, Verizon said.

Among its other findings, the report said:

  • espionage garners substantial media attention, but only 3% of threat actors were motivated by espionage; the other 97% were motivated by financial gain. 
  • hackers tend to use new techniques soon after vulnerabilities are discovered. For example, 32% of yearly Log4j vulnerability scanning occurred in the first 30 days after its release, demonstrating threat actors’ velocity when escalating from a proof of concept to mass exploitation.
  • hackers use a variety of different techniques to gain entry to an organization, such as using stolen credentials (49%), phishing (12%), and exploiting vulnerabilities (5%).

Finally, the report concluded that enterprises can help safeguard their critical infrastructure by adopting industry-leading protocols and practices. For example, Verizon recently became the first nationwide telecom provider to become a participant in Mutually Agreed Norms for Routing Security (MANRS), a global initiative that provides crucial fixes to reduce the most common routing threats that can be exploited by attackers.

 

 
