While it’s no surprise that ransomware attacks increased in 2021, the amount that it rose and the threat actors behind the trend disclosed in an annual report from Verizon were a bit startling.

“Of particular concern is the alarming rise in ransomware breaches, which increased by 13 percent in a single year—representing a jump greater than the past five years combined,” according to the 2022 Verizon Data Breach Investigations Report (DBIR) announcement. “As criminals look to leverage increasingly sophisticated forms of malware, it is ransomware that continues to prove particularly successful in exploiting and monetizing illegal access to private information.”

The DBIR, an annual report from Verizon that acts as a touchstone on what’s happening in the world of data breaches and incidents, analyzed 23,896 security incidents. Of those incidents, 5,212 were confirmed breaches.

• Incident: Security events that compromise the integrity, confidentiality, or availability of an information asset.
  
  
• Breach: Incidents that result in confirmed disclosure of data to an unauthorized party.

Other trends of note disclosed in the 2022 DBIR included that nearly four out of five breaches can now be attributed to organized crime. DBIR researchers also found that external actors were more than four times as likely to cause a breach at an organization than an internal actor.

The human element also played a major role in breaches analyzed during the review period, reinforcing that people are often the weakest link in cybersecurity defenses.

“Twenty-five percent of total breaches in the 2022 report were the result of social engineering attacks, and when you add human errors and misuse of privilege, the human element accounts for 82 percent of analyzed breaches over the past year,” the report explained.

And as the world grapples with supply chain issues, those same effects were felt in the cybersecurity world.

Analysis found that “sixty-two percent of system intrusion incidents came through an organization’s partner,” according to the DBIR. “Compromising the right partner is a force multiplier for cybercriminals, and highlights the difficulties that many organizations face in securing their supply chain.”

Geopolitical tensions are also playing a role in increasing the awareness, sophistication, and visibility of nation-state affiliated cyberattacks, Verizon said.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time. But nowhere is the need to adapt more compelling than in the world of cybersecurity,” said Hans Vestberg, CEO and chairman, Verizon, in a statement. “As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”

Executive Actions

Ransomware. In a CISO panel discussion on the findings of the 2022 DBIR, Frank Aiello, CISO of Maximus, a government services company with operations in Australia, Canada, the United Kingdom, and the United States, said his organization is responding to the increased ransomware threat by focusing on readiness.

This focus is in part to ensure Maximus is prepared to handle a ransomware attack, should one occur, and also to demonstrate to insurers that it is taking the proper precautions. During the past few years, Aiello said he has noticed when Maximus reapplies for its cyber insurance that the follow-up questions and ransomware addendums have increased.

“It’s a focus area for them,” he said, adding that Maximus has implemented privileged administrative solutions and broader management of its administrator rights to mitigate risk.

Ronald Smalley, senior vice president and head of cybersecurity operations global cybersecurity services for Fiserv, a financial services technology company, said his organization is also focused on educating employees on the response process for a ransomware attack.

“We all think we know what we’re going to do. But let’s educate each other on the technical and non-technical response to make sure that people understand what the roles and responsibilities are going to be in managing these types of incidents,” Smalley said.

Culture. To address the human element aspect of cybersecurity, Smalley also said more needs to be done to educate colleagues and employees to create a security culture mind-set.

“It’s not just the normal hour-long click through educations you go through to hit your compliance training requirement; you really have to have that culture from the top,” he said. “You want to add security while reducing friction to the business, and explain why you’re doing it and why it’s there—because it’s designed to protect you.”

Supply chain. When it comes to addressing supply chain attacks, Rick Holland, CISO of Digital Shadows, a threat intelligence provider, said organizations should start with identifying what their assets are, what their critical assets are, and what vendors have access to them.

“Who are the vendors that have keys to the kingdom? Try to triage your supply chain to make it digestible,” Holland added.

Smalley also said that his organization’s cyber threat intelligence team is now more connected with the vendor risk management team and third-party risk management team so it can fully understand the threat landscape.

Taking this approach can help identify partnerships with key suppliers and vendors, as well as how both sides might react if there is a problem or an incident and who should be contacted first.

“Do you know the people? Are you going to do a call chain correctly? Understand how the interaction should happen if there is a problem and you need to reach the right people,” Smalley added.