The past year has been overwhelming in many ways, but cyber threats really took off and became a primary concern for all businesses, no matter the size. The 2022 Verizon Data Breach Investigations Report (DBIR) summarizes four key paths, all of which pervasive and should be a focus for organizations: Credentials, Phishing, Exploiting vulnerabilities, and Botnets.
Ransomware Biggest Concern
This year, ransomware threats have continued to rise at almost 13% and Ransomware-as-a-Service has been become increasingly popular. Blocking the 4 key paths mentioned above helps to block the routes ransomware commonly uses to take over your systems. The threats we faced in last year such as Solar Winds, Log4j, and Kaseya showed us how one supply chain incident can lead to a wide range of consequences.
The Cyentia Unit 42 Ransomware Threat Report 2022 shares that the average ransom demand on cases handled by Unit 42 last year was 2.2 million, and the average payment rose 78% to 541,010. According to the NetDiligence Claims Study, the average total cost for a ransomware incident for SMEs is $267,000 and $16.6 million for large companies. The average costs for business interruption are $316k total for SMEs and $50 million for large companies.
Human Risk is Cybersecurity Risk
Human error continues to be a trend that drives data breaches; often influenced by misconfigurations of cloud storage, stolen credentials, phishing, or other simple security errors. People continue to play a large role in incidents and breaches, so don’t discount the importance of employee awareness training and the risk your own employees pose to your organization.
Data Breaches are a concern, especially as they are now often part of a ransomware attack
Some of the main causes of data breaches were use of stolen credentials, ransomware, and phishing. Web applications and email are the top two vectors for breaches, followed by carelessness, which are errors such as mis-delivery and misconfiguration- often human errors. The next vector is Desktop Sharing Software such as RDP and third-party software that allows users remote access other devices. It is important to note that if it’s easy for you to log, it’s probably not too difficult for a hacker either.
It’s Never Just One Thing
It is important to note that the pattern of system intrusions can consist of complex attacks that involve a combination of actions such as Social, Malware, Hacking, and Ransomware, and even threats originating from partners and vendors. In the past year, we learned the importance of choosing your partners and vendors wisely with all the third-party and supply chain breaches.
Top Causes of Loss for SMEs
According to the NetDiligence study, the top causes of Loss at SMEs are ransomware, hackers, business email compromise, staff mistakes, and phishing. These categories accounted for 70% of claims and 80% of total incident cost. The top affected sectors are consistent with the past few years: professional services, manufacturing, healthcare, technology, retail, and financial services.
Cyber threats are becoming more sophisticated, and cyber insurance is now more important than ever to your business. Luckily, if you are incorporating the necessary security controls to combat these threats, you are putting yourself in a better position to attain cyber insurance with better pricing and better terms. Read the reports for yourself and keep your organization educated on the trends in cybersecurity and cyber insurance, and very importantly, put security controls in place to combat all key paths and threat patterns.
