Countering internal threats remains one of the biggest challenges for businesses, with a rise in phishing and ransomware attacks, as well as negligent and malicious insiders, new research shows.
To elude the latest defenses, cyber criminals are adapting their attack methods to increasingly target the human layer, which Accenture calls “the weakest link in cyber defense.”
In its ninth year, the firm’s Cost of Cybercrime Study combines research across 11 countries in 16 industries. The study this year has found that cybercrime is not only taking new proportions, but it also takes more time to resolve and is more expensive for organizations to combat.
One finding reveals cyber crooks increasingly use ransomware and phishing and social engineering attacks as a path to entry.
“As cybercrime evolves, business leaders are faced with an expanding threat landscape from malicious nation-states, indirect supply chain attacks and information threats. Organizations are introducing new technologies to drive innovation and growth faster than they can be secured. Humans are increasingly targeted as the weakest link in cyber defenses,” the report states.
A recent Barracuda Networks survey points to similar conclusions. Cybercriminals’ latest strategies to bypass email security gateways almost always target the human factor. Spear phishing in particular is seeing a spike in detections, according to the email-security firm.
Brand impersonation is used in 83 percent of spear-phishing attacks, and impersonating Microsoft is one of the more common techniques hackers use to take over accounts (followed by impersonating Apple Inc.). Sextortion scams targeting employees make up 10 percent of all spear-phishing attacks, and continue to increase, according to the report. Finally, employees are twice as likely to be the target of blackmail than business email compromise (BEC).
To combat internal threats, experts recommend hosting regular cybersecurity awareness programs for employees. On the technology side, they recommend using automation, advanced analytics and security intelligence to manage the rising costs of discovering attacks.