Since we began holistically tracking cybersecurity trends 15 years ago with our annual Data Breach Investigations Report (DBIR), we've seen many shifting motivations and strategies behind the bad actors seeking to cause immense harm. One thing has remained consistent: the threat of cyberattacks is real and a daily global onslaught.
Today, bad actors are targeting large organizations and individuals alike in many forms: phishing, vulnerability exploits, and botnets, to name a few. Cases of ransomware alone increased 13 percent between this year and last—greater than the last five years combined—according to our latest 2022 DBIR.
Continued global unrest, such as the war in Ukraine, continues to be an opportunity to heighten cyberattacks, disabling critical infrastructure and sending security leaders into a disarray. Unfortunately, no public or private organization is safe unless they have ways to handle pervasive threats like credentials, phishing, exploits, and botnets.
The reasons for hacking have certainly shifted over time. When we first started tracking actor motives, financial gain was the top reason followed by hacktivism. Today, financial motivations still remain No. 1, followed by espionage, a motivation that barely registered in our first report.
A closer look at cyberthreats
Our new report shows some enduring themes—and a few new ones, as well. We collected the most data ever from 87 organizations that were victims of cyberattacks, and between the original report in 2008 and this year, the biggest shift we've seen is the growing importance of end-users whom bad actors prey on for system access.
In fact, the human element accounts for 82 percent of breaches, and credentials are associated with 45 percent of the breaches analyzed in 2022. These include social attacks, error and misuse, phishing, and pretexting.
While actual human error accounts for 6 percent of breaches this year—down from a high of 11 percent in 2019—the fallibility of employees should not be discounted in areas such as misconfigured cloud storage. External actors, meanwhile, are approximately four times more likely to cause breaches in an organization than internal actors.
As I mentioned, ransomware also saw a big uptick, surging by 13 percent in just one year; this represented a jump greater than the past five years combined. Ransomware provides a potent way to monetize access to a wider range of victims than was possible in the past.
For the report, we ran simulations of 500 ransomware actors with 300 ransomware incidents each, and while only 1.4 percent lost money, the median threat actor made $178,465 and the top simulated actor made $3,572,212.
Most threats remain timeless, however, with attackers leveraging remote access and web applications as a preferred method of gaining access to an organization, accounting for about half of all breaches.
So, who's responsible for this mess? Our analysis finds roughly four-in-five breaches come from organized crime, with external actors approximately four times more likely to cause breaches in an organization than internal actors.
As I mentioned, espionage is now the No. 2 reason for the increase in cases of cyberattacks, and unfortunately there are many recent examples. In the past year, one of the most notable cases was a supply chain breach via a Russian cyberattack that went undetected for months, with far-reaching effects touching major firms and top government agencies.
Supply chain attacks like these have become a force multiplier for threat actors and point to a troubling new reality for security leaders at many organizations. Unlike a financially motivated actor, nation-state threat actors may skip individual breaches in order to keep access and leverage them at a future and possibly more critical date.
Protect your employee front line
The human element impact on breaches may have declined slightly—from 85 percent in 2021 to 82 percent this year—but this vulnerability may never fully go away. To keep things moving in the right direction, leaders at organizations large and small must develop strategies to further reduce the risks.
Typically, that includes training, incentives, or a mix of the two. Either way, it's important to establish testing and other strategies to make sure these techniques are actually working to reduce the instances of human-related breaches. That could mean targeting a specific group of internal employees, creating measurable outcomes, and developing specific types of training materials to ensure the message is being heard.
No matter how leaders choose to face these cyberthreats, the reality is they continue to come from around the globe at a rapid pace. To successfully turn the tide on the ever-growing risks, raising awareness about the myriad threats is an essential first step.
