Ransomware is increasing faster than ever

Last month, Verizon published its 15th annual Data Breach Investigations Report, an in-depth study of the root causes and extent of the damage of enterprise data breaches across some of the world’s biggest companies. This year, the study examined 23,896 security incidents, of which, 5,212 were confirmed data breaches.
While there are many throughlines between last year’s results and this year’s, one difference is that NINJIO had the opportunity to contribute to this year’s report. The good news is that our data has and will be contributing to worldwide awareness of some of the biggest attack vectors out there and how to thwart them; the bad news is that our data, along with the others in the study, reveal the number of vectors (and victims) is still on the rise.
To sum up the state of cybercrime over the last year, the report’s authors offered up this startling observation: “From very well-publicized critical infrastructure attacks to massive supply chain breaches, the financially-motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
What does that mean for your company? Here are a few of Verizon’s (and NINJIO’s CISO/COO Matt Lindley’s) key takeaways from the report and why they matter: 

Last year’s report attributed 85 percent of breaches to the human element, whereas this year it dropped to 82 percent. That’s a good sign—employees are becoming more vigilant against potential threats. However, it means that 82 percent of attacks could still have been avoided with proper security awareness training.

Phishing and stolen credentials continue to be the largest contributing attack vectors. While an average of only 2.9 percent of employees actually click on phishing emails, that is still more than enough for criminals to continue to use it. For example, in NINJIO’s breach data alone, there were 1,154,259,736 personal records breached — 2.9 percent would be 33,473,532 accounts successfully phished (akin to successfully phishing every person in Peru).

Supply chain attacks represented a large number of security incidents that were primary, secondary, and even tertiary events, all stemming from an originating supply chain attack. 2021 illustrated how one key supply chain breach can lead to wide-ranging consequences. Supply chain was responsible for 62 percent of system intrusion incidents this year. Unlike a financially-motivated actor, nation-state threat actors may skip the breach and keep the access.

Ransomware has continued its upward trend with an almost 13 percent increase–a rise as big as the last five years combined (for a total of 25 percent this year). It’s important to remember that ransomware by itself is really just a model of monetizing an organization’s access.

To read the full report, visit Verizon’s site here. 
At a time when “financially-motivated criminals and nefarious nation-state actors” are coming out in full swing, it’s never been more important to train your employees against all varieties of cyber threats. Get in touch with our experts to learn more about how NINJIO’s security awareness training solutions can help turn good cyber hygiene into a company-wide culture of security.