Security News > 2023 > February > New cybersecurity data reveals persistent social engineering vulnerabilities

New research from NCC Group and Abnormal Security shows clouds and a bit of silver to line them: Ransomware attacks declined last year, but business email compromises increased - massively for smaller businesses - and a third of toxic emails got through their human gateways.

According to risk management firm NCC Group, there was a 5% drop in ransomware attacks last year - from 2,667 attacks in 2021 to 2,531 attacks in 2022 - although between February and April there was an uptick due to LockBit activity during the Russia-Ukraine war.

According to NCC Group, the most targeted sectors in 2022 were: industrials, with 804 organizations hit, constituting 32% of attacks; consumer cyclicals, attacked 487 times for 20% of attacks; and the technology sector, targeted 263 times for 10% of all attacks.

Last year, social engineering attacks were big news after Cisco was compromised by phishing exploits and Microsoft, Samsung, NVIDIA and Uber were breached by Lapsu$.

"Some employees may believe that as long as they don't engage with the attacker, they've done their duty, even though it eliminates the opportunity for the security team to warn other employees about the attack."

"We're looking at the ratio of BEC attacks per 1,000 mailboxes," Hassold said, "Even though SMBs do make up a vast majority of businesses, the reasoning for this datapoint likely has to do with the overall increase in BEC attacks in the second half of the year and SMBs being more susceptible to these attacks, since they aren't able to invest as much into defenses that would stop them."

News URL

https://www.techrepublic.com/article/persistent-social-engineering-vulnerabilities/