To ensure the X-Analytics Application remains current and produces reliable outcomes, the X-Analytics Research Team aggregates and analyzes historical and cyber risk intelligence data to calibrate backend variables within X-Analytics.
This update includes:
Threat
Industry Threat Baselines: +2.5% change
The industry threat baselines increased by an average of 2.5% since the last update.
Most notable, Other Services (except Public Administration) (56), Wholesale Trade (42), and Management of Companies and Enterprises (55) have the largest increases in threat activity. For this most part, these industries are experiencing an increase in physical theft and loss and insider misuse activity.
However, Finance and Insurance (52), Healthcare and Social Assistance (62), and Professional, Scientific, and Technical Services (54) have the most significant threat activity. These industries are experiencing high volumes of web application attacks, crimeware (including ransomware), and everything else (which is an aggregation of unknown or undisclosed activity).
Web Application Attacks, Denial of Service Attacks, and Crimeware (including ransomware) are the top three threat categories (in order of most likely to least likely).
The increase in threat activity is partially related to increases in malware (including ransomware) attacks, unpatched software (vulnerability) exploits, zero-day attacks, and credential compromise.
Threat Conclusion: The increase in threat activity will cause an increase in cyber exposure for most customers.
Data Breach Probability
Data Breach Probability Baseline: +0.2% change
Data breach probability baseline increased by an average of 0.2% since the last update.
The increase in data breach probability is related to an increase in hacking, error, unauthorized access, and physical theft and loss.
The average size of data breach is still holding between 100k and 200k records.
Data Breach Conclusion: The increase in data breach probability will cause an increase in data breach cyber exposure for most customers.
Business Interruption
Business Interruption (DoS) Probability Baseline: -0.04% change
Business interruption (DoS) probability baseline decreased by an average of 0.04% since the last update.
The decrease in business interruption (DoS) probability is related to an decrease in targeted short duration DoS attacks.
The DoS baseline probability decreased by 0.32% for durations between 0.5 hours and 4 hours and decreased by 0.06% for durations greater than 4 hours.
Business Interruption (Other) Probability Baseline: -5.1% change
Business interruption (Other) probability baseline decreased by an average of 5.1% since the last update.
The decrease in business interruption (Other) probability is related to a decrease in error and an improvement in failover capabilities and IT management.
Business Interruption Conclusion: The decrease in business interruption (DoS) probability and the decrease in business interruption (Other) probability will cause a decrease in business interruption cyber exposure for most customers.
Ransomware
Ransomware Probability Baseline: +1.5% change
Ransomware baseline probability has increased by an average of 1.5% since the last update.
This increase in ransomware probability is related to an increase in BlackCat (including Scatter Spider), CL0P, Royal, and other ransomware activity.
Ransomware Extortion: +32.8% change
Low Impact Extortion: +40.1% change Ransomware low impact extortion has increased by 40.1% since the last update.
Median Impact Extortion: +32.8% change Ransomware median impact extortion has increased by 40.1% since the last update.
High Impact Extortion: +14.1% change Ransomware high impact extortion has increased by 40.1% since the last update.
Worst-Case Impact Extortion: +11.9% change Ransomware worst-case impact extortion has increased by 40.1% since the last update.
This increase in ransomware extortion is a related to an increase in organizations paying the ransom and an increase in extortion demands (despite strong negotiation tactics to reduce extortion amounts).
Ransomware Conclusion: The increase in ransomware probability and ransomware extortion will cause an increase in ransomware cyber exposure for most customers.
Misappropriation
Misappropriation Probability Baseline: -2.5% change
Misappropriation probability baseline has decreased by an average of 2.5% since the last update.
The decrease in misappropriation probability is related to an increase in fraud countermeasures and a decrease in organization's reporting intellectual property theft, integrity-based service issues, and insider fraud activity.
Misappropriation of Funds - % of Payments Related to Fraud: -8.5% change
Misappropriation of Funds (% of payments related to fraud) has decreased by 8.5% since the last update.
The decrease in "percent of payments related to fraud" is related to the fact that ACH and wire transaction volumes continue to increase in volume at a faster rate than the rate of FTF fraud.
Misappropriation Conclusion: The decrease in misappropriation probability will cause a decrease in misappropriation cyber exposure for most customers, and the decrease in "percent of payments related to fraud" will cause a further decrease in misappropriation of funds cyber exposure for most customers.
If you have questions, please submit a support request here.
Comments