29th May 2022
The Verizon Data Breach Investigations Report 2022 was released yesterday, finding an alarming 13% increase in ransomware breaches, more than in the last 5 years combined.
The report also showed that 82% of breaches involved a human element, including social attacks, errors and misuse. Organised crime continues as a pervasive force in cybersecurity, with around 4 in 5 breaches attributed to organised crime.
Ross Brewer, VP of EMEA and APJ for AttackIQ, comments on the report: “While the alarming increase in ransomware is interesting, there’s nothing new here. We’ve been seeing ransomware attacks increase substantially in recent years, with over 300 million ransomware attacks reported in the first half of 2021. What organisations need to be cognizant of is that the human firewall is fallible, and we see that in over 80% of breaches, whether through misconfiguration in the environment, the human being socially engineered, or their privilege is misused.”
Ross continues: “This is why it’s increasingly important that organisations take an assumed breach approach to augmenting their cybersecurity programme. The fact is these mistakes and social engineering failures are going to continue to happen, and it will result in criminals being let in to these networks. Focus needs to be placed on internal defences, so that when fraudsters get in, they cannot traverse the network and hold them to ransom. The way to do this is to follow the MITRE Engenuity Center for Threat-Informed Defense methodology of using adversarial behaviour to assess an organisation’s defences, and make sure that they are testing those defences. Organisations should be testing using different privileges to make sure that under certain users, they don’t have more privileges than they should, cutting down the vectors that attackers use.”