You were right if it felt like ransomware attacks were all over the headlines over the past year. According to the 2022 Verizon Data Breach Investigations Report, ransomware attacks were up more than the last five years combined last year and marked an “unprecedented year in cybersecurity history.”
According to the report, which marked its 15-year anniversary, ransomware attacks rose 13 percent yearly. Some of these landmark attacks in 2021 include the attacks on the Colonial Pipeline, meatpacking company JBS Foods, National Basketball Association, insurer CNA, Kaseya, and other organizations. These attacks affected global supply chains, prevented customers from accessing critical services, and caused significant damage to the organizations involved.
In analyzing the rise of ransomware, the report said the rise in ransomware was “particularly concerning” due to its rapid increase. The report said that cybercriminals continue to advance the malware they can use in their attacks. Still, it said ransomware remains a top attack tactic because it, unfortunately, continues to prove to be incredibly successful against organizations of every type, both in its ability to compromise the organizations and, in many cases, to return a quick payment to attackers.
In addition to ransomware, the Verizon Data Breach Investigations Report tracked many other types of attacks that an SMB should pay attention to. The report in total tracked 23,896 security incidents last year, including 5,212 confirmed breaches. In addition to rises in organized crime behavior, accounting for 4 in 5 breaches, the report said other factors such as heightened geopolitical tensions and increased digital transformation globally contributed to the rise in attacks.
What can an SMB or other organization do to limit the risk to their organization amidst this rise in attacks? It first starts with recognizing some of the primary attack vectors that allow these breaches to enter an organization. According to the Verizon Data Breach Investigations Report, social engineering, human error, and privilege misuse remain weak spots for organizations, accounting for 82 percent of analyzed breaches over the past year. With this in mind, SMBs should take the time to educate their employees on cybersecurity best practices, such as recognizing suspicious links or attachments.
In addition to educating employees, practicing cybersecurity basic best practices remains one of the primary ways an organization can limit its risk. These best practices include implementing regular patching practices, leveraging tools such as antivirus, and continuously monitoring for signs of potential compromise. “As is often the case, getting the basics right is the single most important factor in determining success,” said Dave Hylender, lead author of the DBIR, in a statement.
Every SMB needs to pay close attention to this rise in attacks, especially if we continue to see new records of cybersecurity risk. As the rise in ransomware and other types of incidents shows, cybercriminals don’t discriminate based on size or industry. SMBs must take the steps necessary to protect their organizations, employees, and customers from compromise.