Report Shows Cyberattacks Over Work Email Most Used; Ransomware Hits Victims Hard

Business email compromise is now the top method of cyberattack, according to a survey from cybersecurity firm Arctic Wolf.

Of the 1,000 surveyed senior IT and cybersecurity decisionmakers from organizations in more than 15 countries, 70% said they were targets of at least one business email compromise (BEC). Nearly 30% said they were victims of one or more successful BEC attacks. Twenty-one percent were able to prevent the attempt or attempts.

Related: Report: Cybercrime ‘A Thriving Business,’ as U.S. Claims Frequency Rises

“Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise,” said Ian McShane, vice president, Managed Detection and Response (MDR), Arctic
Wolf.

Arctic Wolf’s State of Cybersecurity: 2024 Trends Report found 51% of respondents ranked ransomware as the primary cyber concern for the third straight year, 45% claims to have been hit by a ransomware attack in the last 12 months. A large majority, 86%, said these attacks included data exfiltration.

“Interestingly, only 57% of victims were notified of the data exfiltration by the ransomware perpetrators. In their communications, these threat actors included data release prevention as part of the ransom demand,” Arctic Wolf said. “The remaining 28% of victims who identified successful data exfiltration as part of their investigation into the event were not notified by the perpetrators. In these circumstances the threat actors would likely have been planning a secondary extortion attempt threatening the unauthorized release or other malicious usage of this stolen data.”

Arctic Wolf said the current median ransom demand to is $600,000. Victim organizations paid either some or all of the ransom demand 83% of the time. But there is also another toll. Almost all (94%) of those who were bit by ransomware, experienced experienced a period of significant downtime and delays in productivity, with 40% saying they experienced a period of total work stoppage. Half of those surveyed said productivity was substantially impacted anywhere from four months to more than a year following a successful attack.

“Our position aligns with the general recommendations of the FBI: If possible, ransom demands should not be paid, as this is the only way we can hope to discourage these attacks. However, the decision on whether to pay is one that must be made by stakeholders within the victim organization once presented with all possible evidence and options,” said the firm.