A Thing
The Green SheetGreen Sheet

Friday, May 27, 2022

Verizon finds ransomware robust and rising

Ransomware attacks are maturing in terms of execution, attack surface and geographic reach, according to the Verizon Business 2022 Data Breach Investigation Report (2022 DBIR) issued May 24, 2022. The report, now in its fifteenth year, is known for delivering cyberattack trend analysis in a down-to-earth, highly readable style. The 2022 DBIR warns enterprises of escalating activities, attributing four out of five data breaches to global organized crime.

Hans Vestberg, CEO and chairman at Verizon, noted the pandemic exposed flaws in network infrastructure that criminals continue to exploit. "As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security framework and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected," he said.

Dave Hylender, lead 2022 DBIR author, concurred, stating Verizon researchers identified common cybersecurity threats that organizations continue to face. "And while the report has evolved, the fundamentals of security remain the same," he said. "Assess your exposure, mitigate your risk and take appropriate action. As is often the case, getting the basics right is the single most important factor in determining success."

What's old is new again

Among the common threats that cybersecurity experts have warned about for years, is the third-party service provider that unwittingly opens a back door to hackers through a weak link, such as a default password, Verizon researchers noted. Sixty-two percent of system intrusions were conducted by partner organizations, and criminals exploit partner vulnerabilities, which are by far the weakest link in any organization's cybersecurity, they added.

The cover page of the 2022 DBIR shows a server room covered with dots that, researchers explained, symbolize the growing number of experts who have contributed to the series:

"The 2022 cover is a throwback to that report both for purposes of nostalgia and to convey that many organizations continue to struggle with keeping an eye on their people and their systems," researchers wrote. "The overlay of the timeline with the dot plot illustrates the number of global contributors that have joined us over the 15-year history of the report (broken out by year)."

Key takeaways

Pointing out that ransomware attacks increased by 13 percent, year-over-year, and that external actors are four times more likely to cause breaches in organizations than internal actors, Verizon researchers emphasized that humans initiated 82 percent of the past year's security data breaches.

Researchers noted that 2021 was marked by high-profile infrastructure attacks, security breaches and nefarious nation-state actors who "came out swinging." As always, they added, we examine what our data has to say about these events and other common attacks against enterprises, occasionally referring to previous reports to assess how threats are changing.

"The past few years have been overwhelming for all of us," researchers wrote. "Just when we think we have reached the uttermost limit of our ability to be surprised, the world throws us yet another curve ball. Honestly, at this point, we here on the team would not so much as blink if Sasquatch were elected Governor, if Area 51 opened a bed and breakfast, or if ransomware increased yet again. Spoiler alert – one of those things did, in fact, happen."

A copy of the report is available at www.verizon.com/business/resources/reports/dbir/. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Facebook
Twitter
LinkedIn
2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing