Dive Brief:
- The number of data security incidents during 2022 was almost identical to the prior year, according to a study by BakerHostetler released last week. Ransomware actually lagged 2021 levels, until a surge at the end of the year.
- The average ransom demanded was $3.7 million in 2022; however, the average ransom paid was more than $600,000, a 15% increase from prior-year figures. The healthcare industry saw the largest increase in paid ransoms, surging 78% to $1.56 million.
- The time it takes to respond to, contain and investigate incidents dropped in 2022 compared to the year prior. Dwell times fell to 39 days, from 66 the year prior, and containment now takes three days instead of four. Investigations took an average of 36 days in 2022, compared with 41 the prior year.
Dive Insight:
The changes largely reflect improvements in how companies and other organizations prepare for and respond to cyberattacks and data breaches.
Since the nation-state supply chain attacks that hit SolarWinds and other companies in 2020 and the wave of ransomware attacks against Colonial Pipeline and other major companies, there has been a concerted effort to educate critical industry providers and other organizations about how to better detect and respond to malicious threat activity.
Malicious actors, however, found many new methods to launch attacks, including multifactor authentication bombing, EDR-evading malware and social engineering. They're also using search engine optimization poisoning, creating fake websites to get customers to enter their credentials.
The report, based on data from more than 1,160 security incidents, shows many organizations have implemented stronger measures to boost resiliency in the face of malicious attacks.
Among the new measures, organizations have implemented multifactor authentication and endpoint detection and response tools, added immutable backups to preserve data and stood up security operations centers to monitor network activity in real time.
Organizations face a significant risk of legal action, particularly if they collect data and manage digital assets.
“Over time, as regulators see underlying causes and subsequent remediation, they identify measures they believe should be part of a baseline security program,” Craig Hoffman, partner at BakerHostetler and co-leader of the firm’s digital risk advisory and cybersecurity team, said via email. “And if you are on the tail end of the adoption curve, you run the risk of standing out as an outlier.”