Verizon Report Reveals a Near Doubling of Business Email Compromise Attacks

Highlights:

• The Verizon report highlights that ransomware continues to pose a substantial threat, with 24% of all breaches involving this attack.
• According to Roy Akerman, co-founder and CEO of Rezonate Inc., the report is an important indicator and facilitator of the rise in business email compromise.

Verizon Communications Inc. has released a recent report outlining the increase in data breaches during the past year. The findings reveal that business email compromise attacks have nearly doubled, constituting over 50% of all social engineering incidents.

Recently, the 16^th annual Data Breach Investigations Report was published, examining 16,312 security incidents and 5,199 breaches to draw its conclusions. The report highlights that the human factor played a significant role in 74% of all incidents, frequently due to errors, misuse of privileges, stolen credentials, or the utilization of social engineering techniques.

Approximately 83% of breaches were discovered to involve external entities, primarily driven by financial gain, which constituted 95% of the incidents. The primary methods attackers employ to infiltrate organizations include using stolen credentials, phishing attacks, and exploiting vulnerabilities.

The report highlights that ransomware continues to pose a substantial threat, with 24% of all breaches involving this attack. Ransomware incidents impact organizations of all sizes and span across different industries. Furthermore, the study reveals that the median cost of ransomware attacks has more than doubled in the past two years, reaching USD 26,000. Notably, 95% of incidents resulting in losses incurred costs ranging from a million dollars to USD 2.25 million.

The report draws attention to Log4j attacks, initially observed in December 2021. It reveals that more than 32% of all malicious activity related to Log4j occurred within 30 days of its discovery, with a notable surge in activity occurring within just 17 days. This finding underscores the rapidity at which cybercriminals exploit recently disclosed vulnerabilities.

Bhaven Panchal, Senior Director of service delivery at Cyware Labs Inc., the threat intelligence solutions provider, said, “With the median costs of ransomware attacks doubling since last year and reaching the million-dollar range, the new Verizon DBIR once again highlights the upward inflationary trend of the cost of data breaches. Another striking revelation is the prevalence of the human element as the contributing factor behind breaches, whether it be through errors, privilege misuse, use of stolen credentials, or social engineering.”

According to Roy Akerman, Co-founder and CEO of Rezonate Inc., the report is an important indicator and facilitator of the rise in business email compromise. Akerman highlights the report’s emphasis on the reliance on privileged identities and access within an environment dominated by cloud computing and software-as-a-service.

Akerman added, “The attackers need to obtain access, making identity security more critical than ever. This aligns with the fact that the root cause of 74% of breaches were identity-related or enabled, which aligns with Verizon DBIR findings over the last decade.”