In recent years, cybercrime has become one of the fastest-growing criminal activities worldwide, posing a significant threat to individuals, businesses, and governments.
One particular area of concern is the phenomenon of repeat attack, especially since the prevalence of which is alarmingly high. In a variety of attack types, studies have shown that a victim who has been attacked once is more likely to get attacked again.
The most prominent manifestation of repeat attack is when it comes to ransomware. Several studies that have been conducted on ransomware victimization show a high occurrence rate of repeated attacks. For instance, a recent study by Cybereason found that among ransomware victims who paid the ransom, almost 80% were victimized again, often by the same attacker. Interestingly, in about 68% of these cases, the second hit strikes within a month from the first one.
As mentioned, this dynamic exists in various attack types. A few examples are:
Data breach: A 2021 study by Accenture and the Ponemon Institute found that organizations that experienced a data breach were 2.7 times more likely to experience a repeat breach than those that had not.
Website defacement: A study by Imperva found that among the organizations that experienced a website defacement attack, 47% reported experiencing a similar attack in the following six months. 1
DoS: A study by Neustar found that 44% of organizations that experienced a DDoS attack reported being targeted again within one year. 2
Since these studies, and others demonstrating similar results, clearly show a high probability of repeat attack for those who were breached before, they establish the significance of a company/organization cyber track record.
There are several explanations for the connection between past incidents and the current risk.
Firstly, cybercriminals may view organizations that have been successfully targeted in the past as vulnerable and potentially easy targets for future attacks.
Moreover, cybercriminals can use information obtained from a previous attack to launch more sophisticated and targeted attacks in the future. For example, if an organization’s data was stolen in a previous attack, cybercriminals can use that information to launch spear-phishing attacks, social engineering attacks, or other forms of cyberattacks that specifically target the organization’s weaknesses.
Additionally, once an organization has experienced a cyberattack, its defenses and security protocols may be weakened or compromised, making it more susceptible to future attacks. This is particularly true if the organization did not take appropriate steps to remediate the vulnerabilities that led to the initial attack. SLING uniquely uses broad data collection and deep Darknet intelligence to detect any kind of previous cyber-attack and takes into consideration every incident in order to better evaluate and predict cyber-risk score for companies and vendors.
