New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide.
The good news is that ransoms continue to decline – according to the most recent Quarterly Ransomware Report from ransomware response vendor Coveware. The decline that started in Q3 of last year continued in the last quarter of 2023, dropping an additional 33% to an average of $568,705.
One reason this may be happening is the steady decline of ransoms being paid; payments were being made in 85% of attacks in 2019 and are now only occurring in about 29% of attacks.
Another interesting change in the data shows that the median victim organization size declined 32% in Q4. While that sounds like all attackers are shifting down market, an analysis of the breakout of Q3 and Q4 attacks by organization size reveals additional details:
- The largest decline in attacks by size was in organizations with 10,000-50,000 employees
- The was also a smaller decline in the mid-market in organizations with 100-1000 employees
- The lion’s share of the shift went to the smallest of businesses with 1-100 users, with organizations of 50,000 and larger also receiving more attack focus
The takeaway: small and large businesses should be concerned.
In both cases, there’s a tremendous risk of users unwittingly assisting in attacks that start with any kind of socially-engineered technique. In smaller organizations, the users simply aren’t trained, and in the larger organizations, the massive number of employees makes it a numbers game for attackers. In both cases, eventually the attacker will win.
And, in both cases, the answer lies in ensuring all employees are fully educated on social engineering attacks and their tactics used via new-school security awareness training to heighten the security stance of the organization when attacks make their way past security defenses all the way to the user.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
