Average cost of data breaches to surpass $5 mn per incident in 2023: Report
Despite increased awareness and security teams’ efforts, the cybersecurity landscape seems to worsen every year, with cyber researchers predicting that the average cost of a data breach is expected to reach $5 million by next year, according to a new research.
Researchers at cybersecurity company Acronis also saw threats from phishing and malicious emails have increased by 60%, and social engineering attacks jump in the last four months, accounting for 3% of all attacks.
Another report published on July 28, by IBM Security estimated average cost of a data breach in India went up an all-time high of ₹17.5 crore in 2022, a 6.6% increase from last year. Moreover, India's average per record cost of a data breach 2022 reached ₹6,100, a 3.3% increase from ₹5,900 in 2021, according to the 'Cost of Data Breach Report 2022' by tech major IBM.
The Acronis research shows that leaked or stolen credentials, which allow attackers to easily execute cyber-attacks and ransomware campaigns, were the cause of almost half of all reported breaches in the first half of 2022, the study shows.
Ransomware threats to businesses including government, healthcare, education and other sectors is also getting worse, the Acronis study shows, with every month in the second half of this year, ransomware gangs added 200-300 new victims to their combined list.
The market of ransomware operators was dominated by 4-5 players. By the end of Q3, the total number of compromised targets published for the main operators in 2022 include LockBit (1157), Hive (192), BlackCat (177) and Black Basta (89).
There were 576 publicly-mentioned ransomware compromises in Q3, a slight increase from Q2.
Between July and October, Acronis found that the proportion of phishing attacks has risen by 1.3 fold, accounting for 76% of all attacks — an 18% increase from a prior Acronis report released earlier this year, said the study. Spam rates increased by over 15% — reaching 30.6% of all inbound traffic.
The United States led as the country with the most clients experiencing malware detections at 22.1% in October 2022, followed by Germany with 8.8% and Brazil with 7.8%. These numbers represented a small increase for the US and Germany, especially in financial trojans.
Acronis report shows, South Korea, Jordan and China ranked as the most attacked countries in terms of malware per user in the third quarter. India has had its share of cyber-attacks too. The country grabs the ninth spot percentage of clients with at least 25 active machines and at least 25 malware detections per country in November 2022. The percentage means that out of all actively protected workloads in that country that specific amount had at least one malware attack blocked.
Also, as per blocked URLs by region, the country ranks second with 16.8% after Philippines at 19%. India also takes the 5th place (22.5%) after China, Thailand, South Korea and Vietnam, among countries in malware detection.
Candid Wüest, Acronis' VP of Cyber Protection Research, said that attackers are “constantly evolving their methods, now using common security tools like MFA that many companies rely on to protect their employees and businesses”.
In other words, the report shows that as security tactics and the technologies associated with them evolve, so do the threat actors trying to break into organisations and their ecosystems. He added, “The constant feed of ransomware, phishing and unpatched vulnerabilities demonstrate how crucial it is for businesses to re-evaluate their security strategies,” he said.