I was recently reading Verizon’s annual Data Breach Investigations Report for 2022. For those of you not familiar with this report, it is a leading analysis of cybersecurity trends that dives deep into the data behind incidents and breaches reported over the last 12 months. It is a lengthy read, but if you like data and cybersecurity, you can find a link to the report here. The report can provide some interesting insight into where attackers may be heading and where the industry needs to focus more attention.
While there are a lot of interesting facts and figures in this report, there were a couple of items that really stood out to me at first glance. This year’s report notes that 40% of all ransomware incidents involved desktop sharing tools such as Microsoft Remote Desktop Protocol (RDP), usually involving stolen credentials. Another 35% of incidents involve phishing attacks against corporate email. So right here we have two vectors that account for 75% of all of last year’s ransomware incidents.
Let’s start by taking a look at services such as RDP and VPN. These services are designed to give remote users access to your internal resources. For well over 10 years, we have seen ransomware operators targeting these services to spread their wares, and yet, it is still the most attacked vector. The story is similar for phishing attacks. We’ve been fighting phishing for years, and yet it is still very successful. Yes, the bad guys have gotten better at writing more believable emails, but they haven’t really changed their methods. It’s still just a social-engineered message to take advantage of people’s natural tendencies.
So, if these areas continue to be an issue year after year, the question becomes, “Is this just the way it is?” The answer is no, it doesn’t have to be. With the drive towards a more remote workforce, there are new technologies available that can increase your security for those remote resources. Multifactor Authentication (MFA) is no longer just a nice thing that big companies have, but a necessity for everyone, even individuals. Everyone that uses email should have regular training in how to identify and report phishing emails. We have the ability to start turning things around. It’s going to take some rethinking of technology architectures and modernizing infrastructure, but it can be done, and Keller Schroeder can help you get there. Contact us today or talk to your Keller Schroeder Account Manager about reviewing your infrastructure to keep you from becoming a statistic in the next report.
If you need any assistance with understanding the details within the advisory, understanding your current cybersecurity posture, your preparedness for a breach, or any other cybersecurity topic, we would love to have a discussion with you. Contact us today, and let’s chat about your environment and ways to lower your chances of becoming a victim of cybercrime.