Wade Baker, Ph.D.’s Post

Cybersecurity Researcher, Entrepreneur, Professor. Follow me for FUD-free, data-filled analysis of infosec trends and challenges.

What types of #cybersecurity #incidents represent the highest risk? This chart from Cyentia Institute's Information Risk Insights Study (IRIS) 2022 makes a strong case for network and system intrusions. It's based on the relative frequency and financial losses from 77,000 cyber events experienced by 35,000 organizations over the last decade. Being the sole pattern in the dreaded upper-right quadrant, system intrusions are far and away the riskiest incident pattern. They account for about half of all events as well as half of total losses recorded over the last decade. While not part of this particular analysis, our studies of extreme and massive multi-party events point to the exploitation of valid accounts (T1078) and public-facing applications (T1190) as the primary initial access techniques for system intrusions. Download the IRIS 2022 (no registration req'd): https://lnkd.in/e_BGmwT #cybercrime #cyberattacks #cyberrisk

Matthew Rosenquist

CISO at Mercury Risk. - Formerly Intel Corp, Cybersecurity Strategist, Board Advisor, Keynote Speaker, 190k followers

9mo

Such good data! Understanding the relative impacts to different types of attacks should be a part of the risk analysis for every organization! Request for the next version of this chart: Can you add a circle around each to reflect the estimated variability for unmeasured impact? For example, many victims don't report losses for ransomware or DDoS attacks, whereas when sensitive data is breached that tends to be better documented and a more complete calculation (higher accuracy). It would add a nice contrast to show how we understand reported data accuracy varies among different attack types.
