In Verizon’s latest Data Breach Investigations Report, ransomware was once again cited at the “top security threat” for businesses and consumers, and also noted that this type of malware is now targeting the critical systems of companies such as databases.
The report is based on an analysis of 53,000 incidents and over 2,200 breaches occurring in 65 countries. Of all of the types of malicious cyber attacks, ransomware was found in 39 percent of all of the malware-related cases studied, which is double the number of attacks from last year’s report.
Researchers at Verizon said the analysis also revealed a “shift” in how social attacks are being deployed. This includes financial pretexting and phishing. “Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue,” authors of the report said. “Analysis shows that human resource departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.”
Verizon said financial pretexting and phishing was 98 percent of all of the social incidents reported, and 93 percent of all breaches that were investigated — “with e-mail continuing to be the main entry point (96 percent of cases).” Researchers at the company said businesses are nearly “three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.”
George Fischer, president of Verizon Enterprise Solutions, said businesses find it “difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies.”
Bryan Sartin, executive director of security professional services at Verizon, said ransomware remains “a significant threat for companies of all sizes” and its use has increased “significantly over recent years.”
“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom — the cybercriminal is the only winner here,” Sartin explained. “As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”
Sartin said mitigating attacks and protecting against cybercrime needs to be top of mind across an entire organization. “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line,” he said. “Employees should be a business’ first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing e-mail to expose an entire organization.”
Aside from education, Verizon suggests several ways for companies and brands to shield against attacks, which includes logging files and changing “management systems” to give early warnings of a breach. Limit internal access to data and encrypt sensitive data as well as use two-factor authentication.
UPS Taps Wal-Mart Executive for a ‘Transformation’ Role