Cyberattacks continue to rise as bad actor motivations evolve
Since the tracking of cybersecurity trends began 15 years ago with the Data Breach Investigations Report (DBIR), the data sets have revealed many shifting motivations and strategies behind the bad actors seeking to cause immense harm. One thing has remained consistent: the threat of cyberattacks is real and a daily global onslaught.
Today, bad actors are targeting large organizations and individuals alike in many forms: phishing, vulnerability exploits and botnets, to name a few. Cases of ransomware alone increased 13 percent between this year and last – greater than the last five years combined – according to the report.
Continued global unrest, such as the war in Ukraine, continues to be an opportunity to heighten cyberattacks, disabling critical infrastructure and sending security leaders into a disarray. Unfortunately, no public or private organization is safe unless they have ways to handle pervasive threats like credentials, phishing, exploits and botnets.
The reasons for hacking have certainly shifted over time. When Verizon first started tracking actor motives, financial gain was the top reason followed by hacktivism. Today, financial motivations still remain No. 1, followed by espionage, something that barely registered in the first report.
A closer look at cyberthreats
The 2022 DBIR reveals that not only do old methods continue to be adopted, new ones have emerged as well. Data was collected from 87 organizations that were victims of cyberattacks, and between the original report in 2008 and this year, the biggest shift is the growing importance of end users whom bad actors prey on for system access.
In fact, the human element accounts for 82 percent of breaches, and credentials are associated with 45 percent of the breaches analyzed in 2022. These include social attacks, error and misuse, phishing, and pretexting.
While actual human error accounts for 6 percent of breaches this year – down from a high of 11 percent in 2019 – the fallibility of employees should not be discounted in areas such as misconfigured cloud storage. External actors, meanwhile, are approximately four times more likely to cause breaches in an organization than internal actors. Ransomware also saw a big uptick, surging by 13 percent in just one year; this represented a jump greater than the past 5 years combined. Ransomware provides a potent way to monetize access to a wider range of victims than was possible in the past.
For the report, simulations of 500 ransomware actors with 300 ransomware incidents each were ran, and while only 1.4 percent lost money, the median threat actor made $178,465 and the top simulated actor made $3.572,212.
Most threats remain timeless, however, with attackers leveraging remote access and web applications as a preferred method of gaining access to an organization, accounting for about half of all breaches. So, who’s responsible for this mess? As per the DBIR analysis, roughly four-in-five breaches come from organized crime, with external actors approximately four times more likely to cause breaches in an organization than internal actors.
Espionage is the second biggest reason for the increase in cases of cyberattacks. In the past year, one of the most notable cases was a supply chain breach via a cyberattack that went undetected for months. Several major firms and top government agencies were also affected adversely due to this attack.
Supply chain attacks like these have become a force multiplier for threat actors and point to a troubling new reality for security leaders at many organizations. Unlike a financially motivated actor, nation-state threat actors may skip individual breaches to keep access and leverage them at a future and possibly more critical date.
The story in India is no different as attacks are on the rise. The Indian Computer Emergency Response Team (CERT-In) reported more than 2.12 lakh cybersecurity incidents up to February in 2022. This has already surpassed the total of just over 14.02 lakh cyber security related incidents in 2021.
Protect your employee front line
There is a slight decline in the “human element” cause for breaches – where people inadvertently or unknowingly make the system vulnerable to attack – from 85 percent in 2021 to 82 percent in 2022. But it is unlikely that this vulnerability will ever fully go away. Therefore, it is crucial to develop strategies that will help reduce risks.
These include training, offering incentives to vigilant employees or a mix of the two. In addition, systems must be tested, and other strategies adopted to make sure these techniques are actually working to reduce the instances of human-related breaches. Some ways to achieve this are: focusing on a specific group of employees, creating measurable outcomes, and developing specific types of training materials to ensure the message is conveyed effectively.
No matter how leaders choose to face these cyberthreats, the reality is that they continue to come from around the globe at a rapid pace. To successfully turn the tide on the ever-growing risks, raising awareness about the myriad threats is an essential first step.
(The author is Mr. Chris Novak, Global Director, Threat Research Advisory Center, Verizon Business Group and the views expressed in this article are his own)