Ransomware attacks have emerged as a key cyber security threat for global organizations, according to the recently released 2018 Data Breach Investigations Report from Verizon.
The 11th edition of the report includes data from 67 contributing organizations and analysis of more than 53,000 incidents and 2,216 breaches from 65 countries. It states that ransomware is the most common type of malware, found in 39% of malware-related data breaches.
That’s double the amount cited in last year’s report, and the attacks accounted for more than 700 incidents. Ransomware moved up from fourth place among the most common types of malware in the previous year and 22nd place in 2014.
Verizon’s analysis shows that ransomware attacks are now moving into critical business systems rather than just desktops, encrypting file servers or databases, and inflicting more damage and commanding bigger ransom requests.
“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom,” said Bryan Sartin, executive director of security professional services at Verizon. “As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”
Companies also need to continue to invest in employee education about cyber crime and the detrimental effect a breach can have on brand, reputation, and the bottom line, Sartin said. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are vital, he said.
The research indicates a shift in how social attacks such as financial pretexting and phishing are used. These types of attacks, which continue to infiltrate organizations through employee actions, are now increasingly a departmental issue.
The analysis shows that human resources departments across multiple industries are now being targeted as cyber criminals look to extract employee wage and tax data, so they can commit tax fraud and divert tax rebates.
Financial pretexting and phishing represent 98% of social incidents and 93% of all breaches investigated, with email continuing to be the main entry point (96% of cases). Organizations are nearly three times more likely to get breached by social attacks than through actual vulnerabilities, the report says, emphasizing the need for ongoing employee cyber security education.
Pretexting incidents have increased more than five times since the 2017 report, with 170 incidents analyzed this year (compared with just 61 in the 2017 report). Eighty-eight of these incidents specifically targeted human resources staff to obtain personal data for the filing of fraudulent tax returns.
While on average 78% of people did not fail a phishing test last year, 4% of people do fail in any given phishing campaign, the report notes, and a cyber criminal needs only one victim to gain access to an organization.
One breach can have multiple attackers, and Verizon found that 72% of attacks were perpetrated by outsiders, 27% involved internal users, 2% involved business partners and 2% featured multiple partners. Organized crime groups accounted for half of the attacks analyzed.
The report looked at the biggest risks facing various industries. For example, in financial services and insurance, payment card skimmers installed on ATMs are a key risk, and there is a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs ATMs to release large amounts of cash. Distributed denial of service (DDoS) attacks are also a threat.
Healthcare is the only industry where insider threats are greater than threats from the outside, according to the report. Human error is a major contributor to healthcare risks. In the public sector, cyber espionage remains a major concern, with 43% of data breaches motivated by espionage initiatives. But it’s not just state secrets that are a target, Verizon said. Personal data is also at risk.
The study makes it clear that the time to act is now if organizations are to effectively defend themselves. More than two-thirds of breaches (68%) took months or longer to discover, even though 87% of the breaches researchers examined had data compromised within minutes or less of the attack taking place.
While security can’t be guaranteed, the report said, organizations can take proactive steps to keep themselves from being victims. These include staying vigilant; making people the first line of defense through training to spot the warning signs; keeping data on a “need to know” basis; applying security patches promptly; encrypting sensitive data; using two-factor authentication; and deploying physical security solutions.