Last year saw a 13 per cent increase in ransomware breaches across the world, marking a sharper increase than the previous five years combined, according to Verizon’s Data Breach Investigations Report (DBIR) 2022. The report analysed data from over 87 organisations and identified over 23,896 security incidents and 5,212 data breaches.
The four major paths towards enabling these breaches were stolen credentials (more than 40 per cent of cases), phishing (close to 20 per cent of the cases), exploitation of vulnerabilities (more than 5 per cent of the cases) and the usage of botnets. The study also found that 82 per cent of breaches were due to direct human error. The number one motive behind these breaches was financial gain, followed by espionage.
“These days, it is very easy to deploy malware or ransomware. You can go to the darknet, check what you want, pay for it and you get it. But obviously, there are APT (advanced persistent threat) groups that use their own custom software,” Anshuman Sharma, Senior Manager and Head Investigative Response, APJ at Verizon told indianexpress.com.
According to Sharma, a majority of the cases involving vulnerability exploitation happened because a known vulnerability was not patched and not because of “zero-day” vulnerabilities, which are unknown to the developers of the system.
“But organisations are getting better at patching vulnerabilities faster. They are getting more proactive and have stronger vulnerability management programs in place,” added Sharma.
In the Asia Pacific region, social engineering, basic web application attacks and system intrusions account for 98 per cent of the breaches. While the APAC region experienced a high number of social engineering and hacking-related cases, it had a much lower number of ransomware cases than other areas.
According to Sharma, companies need to educate themselves of the tools, techniques and procedures used by threat actors in the recent attacks in their industry verticals. They must also understand how affected companies respond to such incidents and what techniques are employed. “Most important for me, is finding out how your organisation’s cybersecurity spendings have changed over the years and whether it is keeping up pace with the industry or lagging behind. If it is, you need to find out why,” he added.