Verizon’s annual report on data breaches finds that ransomware attacks have increased 13% in a single year, representing a jump that is greater than the prior five years combined.
The Business 2022 Data Breach Investigations Report (2022 DBIR) analyzed 23,896 security incidents, including 5,212 confirmed data breaches, that occurred between Nov. 1, 2020, and Oct. 31, 2021.
Ransomware, which encrypts a business or organization’s data so that it cannot be accessed until a ransom is paid, continues to be lucrative for criminals who launch these cyberattacks to monetize the illegal access they have gained to private information.
Organized crime continues to have an outsized impact in the world of cybersecurity, with roughly 4 in 5 breaches being attributed to organized crime, the report said. Heightened geopolitical tensions are also driving increased sophistication, visibility, and awareness around nation-state affiliated cyberattacks.
For many businesses, the past year has also been dominated by supply chain issues, and this trend was also reflected across the cybersecurity landscape. The report said that 62% of system intrusion incidents came through an organization’s supply chain partner. Compromising the right partner is a force multiplier for cybercriminals and highlights the difficulties that many organizations face in securing their supply chain, Verizon said.
The 2202 DBIR also found that people remain, by far, the weakest link in organizations’ cybersecurity defenses and that human errors and misuse were responsible for 82% of analyzed breaches over the past year.
In all, 25% of data breaches were the result of social engineering attacks that trick employees into clicking on a link in a phishing email that will embed malware or ransomware code, or dupe them into providing login credentials, credit cards or other information to a hacker. Social engineering attacks are popular because manipulating humans to make errors, such as clicking on a phony invoice, is easier for thieves than finding a software or network vulnerability.
“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time. But nowhere is the need to adapt more compelling than in the world of cybersecurity,” said Hans Vestberg, CEO and chairman, Verizon.
“As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected,” Vestberg said.
