HOT TAKES. ONE PLACE.
There's a LOT to know about insurance. So, whether you've got a specific question or just want the 411 on what we do, click around on the articles below.
Median Ransom Payment Drops 51% in Second Quarter
Fewer ransomware victims paid to retrieve access to their systems, and the median ransom payment dropped 51% in the second quarter of 2022, according to a recent report from Coveware. Though the median payment dropped to $36,360, the average ransom payment increased 8% to $228,125, boosted by a few outliers. However, the improvement in the median payment reflected threat actors’ shifts toward less risky, lower-profile targets, and the average remains below a fourth-quarter 2021 high of over $300,000.
CISA’s Known Exploited Vulnerability Catalog Explained
The Cybersecurity & Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerability (KEV) catalog to help organizations better manage and mitigate cybersecurity vulnerabilities. The agency encourages organizations to utilize the KEV catalog—the authoritative list of vulnerabilities that have been exploited—to keep pace with threat activity and remediate the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.
Cyberespionage Explained
Cyberespionage is a type of cyberattack that involves an unauthorized user (or multiple users) accessing a victim’s sensitive information in order to secure economic benefits, competitive advantages or political gain. Also known as cyberspying, cyberespionage primarily targets government entities, large corporations and other competitive organizations.
Hacktivism Explained
Hackers exploit virtual vulnerabilities to gain access to networks and devices illegally. While most engage in this activity for financial gain, others, called hacktivists, have different motivations.
Jackware Cyberattacks Explained
Ransomware incidents entail cybercriminals compromising their victims’ computers or servers with malware and demanding large payments in order to restore the technology (as well as any files or data stored on it). They have often been considered one of the most damaging cyberattack methods.
Identifying and Avoiding Phone Scams
Every year, people report fraud, identity theft and bad business practices to the Federal Trade Commission (FTC) and law enforcement partners. According to FTC data, more than 2.8 million people reported fraud in 2021, and 1 in 4 said they also lost money.
Credential Stuffing Cyberattacks Explained
Credential stuffing incidents entail cybercriminals leveraging stolen usernames and passwords in attempts to gain access to additional accounts and systems. For example, a cybercriminal may obtain a target’s username and password for a social media account and use those same login credentials to try to access the victim’s other systems (e.g., email accounts, banking applications or workplace networks).
Man-in-the-Middle Cyberattacks Explained
A man-in-the-middle (MITM) cyberattack refers to a cybercriminal intercepting a digital interaction or exchange between individuals, systems or an individual and a system. During a MITM incident, a cybercriminal could either eavesdrop on an interaction or pretend to be a genuine participant in the exchange.
Cyber Hygiene Best Practices
As cyberattacks become more frequent and severe, it is increasingly important for organizations to practice good cyber hygiene to minimize their exposure to risk. Cyber hygiene refers to habitual practices ensuring critical data and connected devices are handled safely.
Cybersecurity Tips for Business Travelers
Organizations face heightened cybersecurity risks when their employees travel. Business travelers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices.
Reducing Reputational Risks With Cyber Incident Response Planning
In recent years, cyber incidents have surged in both cost and frequency. That’s why it’s vital for businesses of all sizes and sectors to understand their digital exposures and take steps to minimize damages that may result from cyber incidents.
Watch for These 6 Phishing Scams
Phishing is a type of cyberfraud that utilizes deceptive emails or other electronic communication to manipulate recipients into sharing sensitive information, clicking on malicious links or opening harmful attachments. While emails are the most common delivery method of phishing attempts, cybercriminals may also use text messages, social media messages, fake or misleading websites, voicemails or even live phone calls.
HR’s Role in Preventing Cyberattacks
Cyberattacks are a growing concern for employers across the globe but especially for those in the United States. According to the Identity Theft Resource Center, the number of reported U.S. data breaches rose 68% between 2020 and 2021, increasing to a record-setting 1,862 incidents.
Smishing Explained
Most businesses and individuals are familiar with phishing, a cyberattack technique that entails cybercriminals leveraging fraudulent emails to manipulate recipients into sharing sensitive information, clicking malicious links or opening harmful attachments. While these email-based scams remain a pressing concern, a new form of phishing—known as smishing—has emerged over the years, creating additional cyber exposures for businesses and individuals alike.
Data Breaches Rose 68% in 2021
According to the Identity Theft Resource Center’s (ITRC) annual report—which advocated for more effective laws and regulations to better protect victims of identity fraud—2021 marked a milestone year with a record-setting number of data compromise events.
Know Your Insurance | Personal Cyber Coverage Explained
Today’s society has grown increasingly digital in nature, with many individuals leveraging smart devices within their daily lives. Although this technology can offer various benefits, it can also make individuals more susceptible to cybercrime.
2022 Set to be “Hangover” Year From 2021’s Cyber Epidemic
Much of the cyber turmoil that plagued the world in 2021 will continue into 2022, with individuals remaining the top source of risk in an irrevocably online society, according to Experian’s annual Data Breach Industry Forecast for 2022.
Commercial Risk Advisor | December 2021
Though most companies canceled annual holiday parties in the wake of the COVID-19 pandemic in 2020, many have decided to move forward with festivities in 2021. While these events are meant to foster organizational camaraderie and celebrate company achievements of the past year, employers may be held liable for any property damage, accidents or injuries caused by employees.
Business Email Compromise Losses Increase 58%
Business email compromise (BEC) losses are among the most expensive types of social engineering losses, and they are on the rise—increasing 58% from 2015 to 2019, according to Advisen loss data. The median cost of a BEC loss is $764,000—significantly more expensive than other social engineering losses, which average around $580,000, according to Advisen loss data.
Penetration Testing Explained
Keeping workplace technology up and running is vital to any organization’s success. While this task seems feasible, it’s growing harder and harder each year as cybercriminals expand their reach.