The frequency and cost of cyberattacks have been rising alarmingly, according to Verizon Business's (Verizon) 16th annual Data Breach Investigations Report (DBIR).
The report, which analysed 16,312 security incidents and 5,199 breaches, noted the soaring cost of ransomware – malicious software (malware) that encrypts organisations' data and then extorts large sums of money to restore access.
The median cost per ransomware incident more than doubled over the past two years to $26,000, with 95% of incidents that experienced a loss costing between $1 million and $2.25 million, Verizon said. The rise in cost coincides with a concerning rise in the frequency of attacks over the past couple of years, when the number of ransomware attacks was greater than the previous five years combined.
This year, ransomware was one of the top cyberattack methods, representing nearly a quarter of all breaches (24%).
Craig Robinson, research vice president at International Data Corporation (IDC), said: “Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it's not lost on business leaders, as it is front and centre at the board level.
“Verizon's Data Breach Investigations Report provides deep insights into the topics that are critical to the cybersecurity industry and has become a source of truth for the business community.”
The DBIR revealed that the human element accounted for most cyber incidents and was a factor in 74% of total breaches, even as organisations continue to safeguard critical infrastructure and increase training on cybersecurity protocols.
One of the most common ways to exploit human nature is social engineering, which means manipulating an organisation's sensitive information through tactics like phishing, in which a hacker convinces the user to click on a malicious link or attachment.
Moreover, the rise of techniques being used to impersonate enterprise employees for financial gain, such as “Business Email Compromise” (BEC), has made social engineering a lucrative tactic for cybercriminals.
Over the last few years, the median amount stolen in BECs has increased to US$50,000, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year.
“Senior leadership represents a growing cybersecurity threat for many organisations,” said Chris Novak, managing director of cybersecurity consulting at Verizon Business. “Not only do they possess an organisation's most sensitive information, but they are often among the least protected, as many organisations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Another way to exploit human nature is using AI-assisted voice-cloning technology (also known as “deep fake” voice technology). Last month, intelligence firm Recorded Future warned Australians to beware of criminals using deep fake technology to scam vulnerable people.