The change is already showing up in how attacks are carried out in practice. As organisations strengthened defences against malicious emails, attackers turned to methods that rely on persuasion rather than code. Voice-based social engineering — in which criminals call help desks and impersonate employees to gain access — was the second most common entry point last year, accounting for 11% of intrusions.
The time between an initial breach and the handoff to a ransomware group has fallen from more than eight hours to just 22 seconds, according to Mandiant, a threat intelligence unit of Google Cloud. That leaves companies with far less time to react and raises questions about whether many incident response plans are still fit for purpose.
The same message comes through in several recent industry studies. They look at different risks, from software flaws to fraud and supply chains, but point in a similar direction. Cyber attackers are becoming more organised and efficient, while many organisations are still catching up.
