Incident Response Trends 2022

It is no surprise that in 2022 ransomware was the most dominant threat, and so far it shows no sign of slowing down in 2023. Across the world, attackers are exploiting security weaknesses and holding companies’ data hostage, demanding tens of millions of dollars in payment.

According to market research, half of the investigated security incidents in 2022 were connected to ransomware. Ransomware attacks also evolved: instead of targeting mid-size companies, attacks became fewer in number but expanded to large-scale organizations, which translates into large-scale damage.

One of the most infamous ransomware attacks this year was the Colonial Pipeline attack, which was widely reported because the pipeline plays an important role in the national critical infrastructure system of the US. The spotlight this year was also taken by REvil, the same hacker group that targeted Acer, Quanta, JBS Foods, and Kaseya with the aim of disrupting key areas of the economy on a large scale.

After ransomware, the next most commonly observed threat this year was business email compromise (BEC). The worldwide prevalence of BEC and ransomware incidents, which frequently use phishing and malspam as a means of initial infection, demonstrates the high importance of properly implementing multi-factor authentication (MFA). Other cyber threats observed this year were related to phishing, malicious software, social engineering, SQL injection, MITM attacks, formjacking, IoT, patch management, and cloud vulnerabilities.

The exponential growth of cyber security attacks

This all adds up to an exponentially growing threat that makes the goal of never being breached unobtainable. Organizations around the world are coming to accept that a cyber breach will occur and it is critical to add cyber resilience - how quickly and efficiently you identify, understand, and remediate an attack - to their existing security posture.

As Steve Morgan stated: “If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2022 — would be the world’s third-largest economy after the U.S. and China.”

Cyber attacks can impact an organization in many ways. Regardless of the type of cyber attack, every consequence has some form of cost, whether monetary or otherwise. The consequences of a cybersecurity incident may still impact your business weeks, if not months, later. Below are five areas where your business may suffer:

  • Financial losses

  • Loss of productivity

  • Reputation damage

  • Legal liability

  • Business continuity problems


What can we learn from this?

The traditional cybersecurity approach, putting the walls between your organization and criminals, is no longer sufficient or capable of ensuring 100% breach protection. Having the best solutions or tools in the market cannot guarantee absolute security. An incautious employee or a breached supplier can quickly turn you into a victim. It means we all can be victims of a ransomware attack in the future.

Since there is no absolute security, we have to focus on what we will do in case of an attack. Victims of ransomware attacks have two options. They can either pay the ransom and try to take their data back or they can respond and try to recover if they have a well-prepared plan. 

In some circumstances, paying the ransom may seem like the best option for avoiding catastrophic consequences. Companies that consider it an easy swap and expect to get their data back after the payment are increasingly choosing to pay the ransom. In 2022, victims paid up to $45 million in payouts. But this doesn’t mean that they succeeded: whether they paid or not, only 29% of victims were able to restore all their encrypted or blocked files following an attack.

The second option is following the conventional recommendation - not paying the ransom. It is clear that we are not immune to ransomware, so in order to survive without paying, we have to build a strong and resilient security posture. Building cyber resilience is about preparing for, responding to, and recovering from cyber attacks. It helps organizations limit the severity of attacks and ensure their functions survive. All of the above requires realistic planning. A solid incident response plan is the key to limiting the attack damage following the recovery process. Studies show that organizations with clearly defined steps, responsibilities, and tested response plans respond faster. According to Mimecast’s The State of Email Security Report 2020, 31% of organizations experienced data loss due to a lack of cyber resilience preparedness.

A Dire Need for Cyber Resilience Walls

There are two major factors in addressing the alarming rate of cyber incidents. One is that companies need to take cybersecurity seriously and invest in it with adequate resources. 

As Touro College Illinois Cybersecurity Program Director Joe Giordano notes, “So many companies and institutions still have weak security, and strong security requires constant vigilance and updates, not a one-time upgrade. When more organizations start to take cybersecurity seriously and invest the time and resources to combat threats, we’ll start to see these threats diminish.”

Secondly, intelligence data collected from various digital forensics reports shows us that, no matter how effective the solutions you have deployed internally within your organization are, time remains the number one asset in fighting cyber attacks.

Rapid detection and incident response need to be based on automation and speed. In more than 13 years in the DFIR market, Binalyze has seen how crucial time is when a data breach occurs: the faster you are, the less time you give cyber attackers to finalize their malicious activities.

Here at Binalyze, we’re committed to making advanced solutions for the increased challenges in incident response for all types of companies across all sizes and industries. We know how important it is to detect and respond to incidents in real time. An automated system that helps you protect against and recover quickly from cyber incidents is available to you today. Everyone in your organization, from consumers to internal stakeholders, will benefit from this action.

Binalyze’s incident response best practices, advanced technologies, and expertise help defend you against the increased rate of cyber attacks, protect your business-critical applications and data, and enhance the recovery from a data breach or similar malicious disruption. Binalyze helps your company implement more agile incident response processes with powerful automation and smart anomaly detection, while orchestrating rapid and reliable communication with all other systems in your network.

The end goal is to help reduce the complexity and cost of fighting cybercrime, and in this battle, we are all in it together.