The frequency of social engineering attacks has skyrocketed in recent years, and ransomware remains one of the top Cyber attack methods, according to a report. It added that the median cost per ransomware incident has doubled over the past two years, with ransomware accounting for one in four breaches worldwide.
According to Verizon 2023 Data Breach Investigations Report, 95% of ransomware incidents cost organizations between $1 million and $2.25 million. The report said rising costs have coincided with a dramatic increase in frequency as the number of ransomware attacks exceeded the previous five years combined.
Verizon Business said it analyzed 16,312 security incidents and 5,199 breaches and that the most significant of the findings is the rising cost of ransomware – a type of cyberattack in which hackers encrypt an organization’s data and then extort large sums of money to restore access.
People are blamed for cyber attacks
According to the report, human error continues to play a significant role in data breaches across industries. One of the most common ways to exploit human nature is social engineering, where a hacker convinces the user to click on a malicious link or attachment.
“The human element continues to make up the vast majority of incidents, accounting for 74% of total breaches, even as enterprises continue to protect critical infrastructure and improve training on cybersecurity protocols,” the report said.
According to Anshuman Sharma, associate director CSIRT and Investigative Response, APJ, Verizon Business, social engineering attacks have surged due to increased connectivity and advancements in AI.
He said pretexting or Business Email Compromise (BEC) attacks accounted for 50% of all incidents as hackers exploited human vulnerabilities.
“We see this in India, where similar attacks have increased in all sectors, with the human element being an important factor,” Sharma points out.
Other important findings
According to the report, social engineering, system intrusion and basic web application attacks dominate 93% of breaches in the APAC region.
Of all breaches, 61% had financial motives, followed by espionage at 39%, convenience at 2%, grudge at 2%, and secondary motives at 1%.
Data compromised in breaches included internal information for 56%, secrets for 42%, other data for 33%, and credentials for 29%.
Threat actors in breaches were 92% external, 9% internal, 2% partners, and 2% multiple actors.
end of article