With attacks growing in sophistication, and cybersecurity budgets and headcounts remaining stagnant, it’s important for organizations to understand what’s truly at stake in a cyberattack, so that they can properly allocate their resources and prioritize their prevention strategies.
Unfortunately, in cybersecurity, it’s often challenging to quantify risk — and some of our most common ways of evaluating risk fall short of capturing the effects of some attacks, particularly ransomware attacks.
Quantifying Risk
Most cybersecurity practitioners are familiar with the “heatmap” matrix commonly used to evaluate cybersecurity risk. On one axis, likelihood proceeds from “rare,” “remote” or “very unlikely” to “almost certain,” “very likely” or “frequent.” Along the other axis, attack impact is ranked with terms like “negligible” and “insignificant” on one end and “catastrophic” or “severe” on the other. Find the point where the axes intersect for whichever sort of incident you’re envisioning, and that’s your risk ranking. But while these matrices can be useful tools, they shouldn’t form the basis for your cybersecurity decision-making on their own. The context they can provide is valuable, but they aren’t capable of adequately capturing the full scope of risks posed by attacks such as ransomware.
How Risky is Ransomware?
In CISA’s most recent Cost of Cyber Incidents report, ransomware was only the second-most common loss category for SMBs, lagging significantly behind social engineering. Among large entities, there was only a single ransomware incident among the businesses surveyed, versus 18 for “malware/virus” and 20 for “hacker.”
2022 Global Cyberattack Trends
In this greatly expanded threat landscape, knowing your adversary has never been more crucial. Here’s a preview of what they were up to in 2022:
493.3 Million
Ransomware Attacks
139.3 Million
Cryptojacking Attacks
5.5 Billion
Malware Attacks
7.3 Million
Encrypted Threats
6.3 Trillion
Intrusion Attempts
112.3 Million
IoT Malware Attacks