Latest news with #ChrisNovak


Forbes
27-04-2025
- Business
- Forbes
The 5,365 Ransomware Attack Rampage — What You Need To Know
Verizon's DBIR report reveals ransomware rampage. As cyberattacks of all flavors continue at an astonishing speed, the FBI issues a do-not-click warning and threat actors find worrying new ways to compromise your accounts, do not ignore the old guard. That's the takeaway from the latest Verizon data breach investigations report, which has revealed that the ransomware rampage is far from over. Given that certain ransomware actors are getting a lot of virtual column inches courtesy of a $1 trillion ransom demand if victims don't respond with a DOGE-trolling bullet list of achievements for the week, you might be excused for thinking that the extortion business has become something of a joke. That, dear reader, would be a big mistake. How big? Well, just look at the numbers: according to the 2025 Verizon DBIR, ransomware attacks have risen by 37% since last year, and are now present in 44% of breaches. Despite the silliness of the DOGE Big Balls ransomware attackers, the median ransom amount paid has decreased from $150,000 to $115,000. The numbers that concern me, and should you, are the ones relating to the presence of ransomware malware itself in data breach incidents. The Verizon DBIR report analyzed 22,000 incidents, of which 12,195 were confirmed data breaches. Some 44% of these, 5,365 to be precise, contained ransomware. That is a 37% jump and represents the extent to which the ransomware rampage is impacting businesses. "The DBIR's findings underscore the importance of a multi-layered defense strategy," Chris Novak, vice president of global cybersecurity solutions at Verizon Business, said. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."
The ransomware rampage is set to continue, according to Nick Tuasek, lead security automation architect at Swimlane, who warns that the 'popularization of Ransomware-as-a-Service on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy,' will drive this resurgence. Tactics are changing as well, with some threat actors moving to the deletion of data as part of their normal operations, Brandon Williams, chief technology officer at Conversant Group, has warned. 'If this gains traction this year,' Williams said, 'organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool.' The only method of recovery will be backups, but as Williams said, backups do not typically survive these kinds of ransomware breaches. 'According to our own research,' Williams said, '93% of cyber events involve targeting of backup repositories, and 80% of data thought to be immutable does not survive.' Regardless of the ransomware actor and the ransomware malware deployed, the foundational controls still matter. 'Knowing your total attack surface, testing your environment with an eye toward efficient remediation is key,' Trey Ford, chief information security officer at Bugcrowd, said. Enterprise controls, including visibility, hardening, and MFA for domain admin and remote access, are paramount. 'There is a strong correlational reason cyber insurance underwriters care about those key controls and coverage in the application process,' Ford concluded. If those controls are not adequate, cyber insurance underwriters might have to pay out. Do not let the ransomware rampage swallow your data whole in the coming year; take heed of the warnings and act now to defend your enterprise.
Yahoo
23-04-2025
- Business
- Yahoo
AI impact on data breach outcomes remains 'limited': Verizon
This story was originally published on CIO Dive. Despite fears, the recent waves of AI uptake have yet to require a cybersecurity overhaul, according to Verizon's 18th edition of its Data Breach Investigations Report published Wednesday. AI-generated text in malicious emails has doubled in the past year, but the rate of successful phishing breaches stayed stable, the report found after analyzing more than 22,000 security incidents. 'While we've observed gradual adoption of these technologies, their impact on breach outcomes remains limited,' Chris Novak, VP of Verizon Global Cybersecurity Solutions, said in an email. 'We are actively tracking AI developments but, currently, no breakthroughs necessitate major shifts in defensive strategies.' Cybersecurity risks are a top concern for business leaders globally, especially as ongoing AI additions expand the attack surface and make techniques like phishing more accessible for novice bad actors. For now, however, the cybersecurity status quo remains relatively unchanged, but that could shift. 'More traditional attacks, like exploiting software vulnerabilities, continue to be more prevalent,' Novak told CIO Dive. 'We anticipate AI advancements on both the offensive and defensive fronts will likely progress in tandem as practical applications are explored.' IT leaders still need to keep an eye on shadow AI within their organization. Verizon found a large number of employees using AI via a non-corporate email or without an integrated authentication system in place, suggesting unsanctioned use. Technology decision-makers should also begin to adapt protocols and upskill teams to address worries around AI's risks.
More than half of executives say the complexity of AI applications has weakened their company's cybersecurity posture, and around 2 in 5 organizations don't have the skills needed to secure workloads, according to a Flexential report. The cybersecurity market is poised to balloon as AI's risks come into clearer view. Global cybersecurity spending is predicted to reach $338 billion by 2033, up from $152 billion in 2023, Bloomberg Intelligence analysts expect. Even as employers take a 'wait-and-see' approach to hiring amid uncertain economic conditions, cybersecurity engineers and analysts are among the roles in highest demand, a CompTIA analysis of U.S. Bureau of Labor Statistics data found.


Associated Press
23-04-2025
- Business
- Associated Press
Verizon's 2025 Data Breach Investigations Report: System Intrusion Breaches Double in EMEA
LONDON, April 23, 2025 (GLOBE NEWSWIRE) -- Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), revealing a dramatic surge in global data breaches, with EMEA experiencing a significant increase in system intrusion breaches. These breaches have skyrocketed, nearly doubling to 53% of breaches in the region in just one year. The 2025 DBIR, which analysed over 22,000 security incidents, including 12,195 confirmed data breaches, found third-party involvement doubling to 30% in this year's report and a 34% surge in vulnerability exploitation globally. In EMEA, nearly a third (29%) of breaches originated from within the organisation, a stark contrast to APAC, where only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches. Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025. This decline was due to a faster increase in other types of breaches. 'The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within,' said Sanjiv Gossain, Group Vice President and Head of EMEA of Verizon Business. 'The surge in system intrusions across EMEA is a clear warning to organisations to urgently fortify both external defenses and internal controls through comprehensive employee training, robust access controls, and zero-trust frameworks.' Key EMEA Findings: Key Global Findings: 'The DBIR's findings underscore the importance of a multi-layered defense strategy,' said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business. 
'Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees.' Sector Spotlight: Manufacturing Hit by Sixfold Surge in Espionage Attacks The 2025 DBIR exposes alarming cybersecurity shifts targeting key industries worldwide. Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year. Healthcare similarly faces rising espionage threats, while Education and Financial industries also continue to battle persistent cybersecurity challenges. Retail organisations have weathered a 15% increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports. This year's findings serve as a critical warning for businesses globally—including those in EMEA—to take immediate, decisive action. Organisations must strengthen their cybersecurity defenses against these evolving threats to protect vital assets, maintain customer trust, and ensure sustainable success in today's digital landscape. 'This year's DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half empty personas will see in the DBIR that organisations that don't have the proper IT and cybersecurity maturity – often the SMB sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,' said Craig Robinson, Research Vice President, Security Services at IDC. 'While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon's leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.' 
Visit our Cybersecurity Awareness page to learn more about data privacy and Verizon's efforts. About Verizon Business: Verizon Business is a global leader in providing communication and technology solutions to businesses of all sizes. With a comprehensive portfolio of services, including network, cloud, security, and collaboration solutions, Verizon Business helps organizations improve their operations, enhance their customer experiences, and drive innovation. Verizon Communications Inc. (NYSE, Nasdaq: VZ) powers and empowers how its millions of customers live, work and play, delivering on their demand for mobility, reliable network connectivity and security. Headquartered in New York City, serving countries worldwide and nearly all of the Fortune 500, Verizon generated revenues of $134.8 billion in 2024. Verizon's world-class team never stops innovating to meet customers where they are today and equip them for the needs of tomorrow. Media contact: Sebrina Kepple
Yahoo
23-04-2025
- Business
- Yahoo
Verizon's 2025 Data Breach Investigations Report: System Intrusion Breaches Double in EMEA
LONDON, April 23, 2025 (GLOBE NEWSWIRE) -- Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), revealing a dramatic surge in global data breaches, with EMEA experiencing a significant increase in system intrusion breaches. These breaches have skyrocketed, nearly doubling to 53% of breaches in the region in just one year. The 2025 DBIR, which analysed over 22,000 security incidents, including 12,195 confirmed data breaches, found third-party involvement doubling to 30% in this year's report and a 34% surge in vulnerability exploitation globally. In EMEA, nearly a third (29%) of breaches originated from within the organisation, a stark contrast to APAC, where only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches. Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025. This decline was due to a faster increase in other types of breaches. 'The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within,' said Sanjiv Gossain, Group Vice President and Head of EMEA of Verizon Business. 'The surge in system intrusions across EMEA is a clear warning to organisations to urgently fortify both external defenses and internal controls through comprehensive employee training, robust access controls, and zero-trust frameworks.' 
Key EMEA Findings:
- System Intrusion Threats: System intrusion breaches surged to 53%, nearly double last year's rate of 27%
- Insider Leaks: 29% of breaches originate from within EMEA organisations, with 19% attributed to unintentional mistakes and 8% involving misuse, such as unauthorised use of data that violates the organisation's policies
- Social Engineering: The second-most common incident pattern in the region, with phishing appearing in 19% of breaches in EMEA
Key Global Findings:
- Exploitation of Vulnerabilities: This initial attack vector saw a 34% increase, with a significant focus on zero-day exploits targeting perimeter devices and VPNs
- Ransomware: Ransomware attacks rose by 37% since last year, and are now present in 44% of breaches, despite a noticeable decrease in the median ransom amount paid
- Third-Party Involvement: The percentage of breaches involving third parties doubled, highlighting the risks associated with supply chain and partner ecosystems
- Human Element: Human involvement in breaches remains high, with a significant overlap between social engineering and credential abuse
'The DBIR's findings underscore the importance of a multi-layered defense strategy,' said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business. 'Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees.'
Sector Spotlight: Manufacturing Hit by Sixfold Surge in Espionage Attacks
The 2025 DBIR exposes alarming cybersecurity shifts targeting key industries worldwide. Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year. Healthcare similarly faces rising espionage threats, while Education and Financial industries also continue to battle persistent cybersecurity challenges.
Retail organisations have weathered a 15% increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports. This year's findings serve as a critical warning for businesses globally—including those in EMEA—to take immediate, decisive action. Organisations must strengthen their cybersecurity defenses against these evolving threats to protect vital assets, maintain customer trust, and ensure sustainable success in today's digital landscape. 'This year's DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half empty personas will see in the DBIR that organisations that don't have the proper IT and cybersecurity maturity – often the SMB sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,' said Craig Robinson, Research Vice President, Security Services at IDC. 'While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon's leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.' Visit our Cybersecurity Awareness page to learn more about data privacy and Verizon's efforts.