Skip to content
Search AI Powered

Latest Stories

Median ransomware payment doubles to $26,000, Verizon says

Hackers launched more ransomware attacks on companies in the last two years than the previous 5 years combined, study finds.

verizon Screen Shot 2023-06-09 at 3.10.16 PM.png

Businesses are paying out soaring sums to retrieve their data after hackers encrypt their accounts, according to a report released this week by Verizon Business, the enterprise solutions division of the wireless data network provider.

The damage is caused by ransomware, which is malicious software (also known as malware) that encrypts an organization’s data and then extorts large sums of money to restore access, the Basking Ridge, New Jersey-based company said. That conclusion came from Verizon’s 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches.


Ransomware remains one of the top cyberattack methods, representing almost a quarter of all breaches (24%). It has seen a dramatic rise in frequency over the past couple of years when the number of ransomware attacks was greater than the previous five years combined, Verizon said.

Part of the reason that ransomware is so popular with hackers is that it’s effective: The median cost per ransomware incident more than doubled over the past two years to $26,000.

In the overwhelming majority (74%) of incidents, hackers gain access to companies’ files through the human element, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization's sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.

Executives are particularly vulnerable. “Senior leadership represents a growing cybersecurity threat for many organizations,” Chris Novak, managing director of Cybersecurity Consulting at Verizon Business, said in a release. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Another lucrative tactic for cybercriminals is social engineering, when attackers impersonate enterprise employees for financial gain, a method known as Business Email Compromise (BEC). The approach is especially effective when applied to businesses with distributed workforces, since they are challenged to create and strictly enforce human-centric security best practices for their remote employees. The median amount stolen in BECs has increased over the last couple of years to $50,000, based on Internet Crime Complaint Center (IC3) data.

And that trend might have contributed to a near doubling this past year of “pretexting,” an invented scenario that tricks someone into giving up information or committing an act that may result in a breach, Verizon said.

In other findings, the report found:

  • espionage garners substantial media attention, but only 3% of threat actors were motivated by espionage; the other 97% were motivated by financial gain. 
  • hackers tend to use new techniques soon after vulnerabilities are discovered. For example, 32% of yearly Log4j vulnerability scanning occurred in the first 30 days after its release, demonstrating threat actors’ velocity when escalating from a proof of concept to mass exploitation.
  • hackers use a variety of different techniques to gain entry to an organization, such as using stolen credentials (49%), phishing (12%), and exploiting vulnerabilities (5%).

 Finally, the report concluded that enterprises can help safeguard their critical infrastructure by adopting industry leading protocols and practices. For example, Verizon recently became the first nationwide telecom provider to become a participant of Mutually Agreed Norms for Routing Security (MANRS), a global initiative that provides crucial fixes to reduce the most common routing threats that can be exploited by attackers.

 

 

Recent

More Stories

photos of grocery supply chain workers

ReposiTrak and Upshop link platforms to enable food traceability

ReposiTrak, a global food traceability network operator, will partner with Upshop, a provider of store operations technology for food retailers, to create an end-to-end grocery traceability solution that reaches from the supply chain to the retail store, the firms said today.

The partnership creates a data connection between suppliers and the retail store. It works by integrating Salt Lake City-based ReposiTrak’s network of thousands of suppliers and their traceability shipment data with Austin, Texas-based Upshop’s network of more than 450 retailers and their retail stores.

Keep ReadingShow less

Featured

minority woman with charts of business progress

Study: Inclusive procurement can fuel economic growth

Inclusive procurement practices can fuel economic growth and create jobs worldwide through increased partnerships with small and diverse suppliers, according to a study from the Illinois firm Supplier.io.

The firm’s “2024 Supplier Diversity Economic Impact Report” found that $168 billion spent directly with those suppliers generated a total economic impact of $303 billion. That analysis can help supplier diversity managers and chief procurement officers implement programs that grow diversity spend, improve supply chain competitiveness, and increase brand value, the firm said.

Keep ReadingShow less
Logistics industry growth slowed in December
Logistics Managers' Index

Logistics industry growth slowed in December

Logistics industry growth slowed in December due to a seasonal wind-down of inventory and following one of the busiest holiday shopping seasons on record, according to the latest Logistics Managers’ Index (LMI) report, released this week.

The monthly LMI was 57.3 in December, down more than a percentage point from November’s reading of 58.4. Despite the slowdown, economic activity across the industry continued to expand, as an LMI reading above 50 indicates growth and a reading below 50 indicates contraction.

Keep ReadingShow less
pie chart of business challenges in 2025

DHL: small businesses wary of uncertain times in 2025

As U.S. small and medium-sized enterprises (SMEs) face an uncertain business landscape in 2025, a substantial majority (67%) expect positive growth in the new year compared to 2024, according to a survey from DHL.

However, the survey also showed that businesses could face a rocky road to reach that goal, as they navigate a complex environment of regulatory/policy shifts and global market volatility. Both those issues were cited as top challenges by 36% of respondents, followed by staffing/talent retention (11%) and digital threats and cyber attacks (2%).

Keep ReadingShow less
women shopping and checking out at store

Study: Over 15% of all retail returns in 2024 were fraudulent

As retailers enter 2025, they continue struggling to slow the flood of returns fraud, which represented 15.14%--or nearly one-sixth—of all product returns in 2024, according to a report from Appriss Retail and Deloitte.

That percentage is even greater than the 13.21% of total retail sales that were returned. Measured in dollars, returns (including both legitimate and fraudulent) last year reached $685 billion out of the $5.19 trillion in total retail sales.

Keep ReadingShow less