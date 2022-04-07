This year, ransomware has continued its upward trend with an almost 13% increase, according to Verizon Business' 2022 Data Breach Investigations Report (DBIR).

In Verizon's 15th DBIR, the service provider discovered that ransomware attacks doubled in growth, up 12% in 2021 to an increase of 25% in 2022. The 13% jump is greater than the past five years combined. Verizon says ransomware continues to "prove particularly successful in exploiting and monetizing illegal access to private information."

Ransomware's upward trend Image source: Verizon Business.

Ransomware shows no signs of slowing down

In 2008, when Verizon began the DBIR, hackers were more focused on targeting payment data, but due to PCI DSS and improvements to financial security capabilities, this method became less lucrative, Alex Pinto, one of the lead authors of the DBIR, told Light Reading. Payment Card Industry Data Security Standard (PCI DSS) is a data security standard financial organizations and retailers handling credit cards have adhered to as a means to prevent card scams.

Ransomware, on the other hand, has become more popular among hackers because it's "data agnostic," said Pinto.

"You have an almost guarantee that the [victims of ransomware] would be at least very seriously thinking about paying," said Pinto. Ransomware provides bad actors with the means to cast a much wider net than just the financial market, and target any vertical by holding their data hostage for payment.

"Ransomware operators have no need to look for data of specific value, e.g., credit cards or banking information," according to the report. "They only need to interrupt the organizations' critical functions by encrypting their data."

Subversive system intrusions

Pinto adds that the bulk of cybercrime falls under the category of "system intrusions," which are "computer-oriented breaches where there was some hacking, vulnerabilities were exploited and malware was installed." These were also on the rise over the past year.

The four main types of system intrusions Image source: Verizon Business.

The four main ways bad actors target organizations and execute system intrusions is via credentials, phishing, exploiting vulnerabilities and botnets, according to the report. Ransomware and supply chain breaches also fall under the category of system intrusions.

Increasing geopolitical tensions are also contributing to the rise in "sophistication, visibility and awareness around nation-state affiliated cyber-attacks," said Verizon.

External threats exceed internal

Overall, in the report Verizon analyzed 23,896 security incidents; 5,212 of those incidents were confirmed breaches. Nearly four in five breaches were organized crime-related, and external actors are four times as likely as internal actors to cause organizational breaches.

While internal attacks garner more press, they're "not as frequent as folks would like you to believe," said Pinto.

These "external actors" aren't just hackers and criminals. Verizon notes that 62% of system intrusion incidents came through an organization's partner, which puts a spotlight on the challenges organizations face in securing their supply chain.

Even with the best security tools in place, human error remains a big concern. Over the past year, 82% of breaches had a human element. Plus, 25% of total breaches in the 2022 report resulted from social engineering attacks, which is when a "bad actor" misleads someone into divulging personal data or credentials, such as a phishing attempt.

The authors of the DBIR seem to understand that divulging the many ways bad actors can target organizations' data might lead to sleepless nights on the part of CISOs. With that in mind, the DBIR closes with advice for organizations on how to mitigate security threats, as well as a measuredly optimistic outlook: "Be well, be prosperous, and be prepared for anything."

— Kelsey Kusterer Ziser, Senior Editor, Light Reading