Most data breaches, unsurprisingly, are easily avoidable. So why don’t more businesses focus on improving security? Misdirected emails, weak security, and a lack of employee training on the basics of online behavior and social engineering scams could all be easily resolved, at far less cost than fixing an entire computer network.
The number of data breaches rose 39 percent in the first quarter of 2017 from the same period in 2016, according to global risk underwriter Beazley’s Breach Response Service. In the first quarter of 2017, the company handled 641 breaches, against 462 in 2016.
After investigating the incidents, Beazley found four major dangerous trends in 2017: phishing scams aiming for direct deposit deception, ransomware infections, and massive attacks on the healthcare and banking industries.
In the US, 9 percent of data breaches were caused by phishing by cybercriminals aiming to steal the employee information contained in W-2 wage and tax statements. After accessing an employee’s email, hackers enter their own bank account details to steal the funds. In the higher education sector specifically, 48 percent of breaches were caused by phishing emails.
Between 2015 and 2016, ransomware attacks grew 300 percent, and they keep spreading across industries. In the first quarter of 2017, ransomware attacks grew 35 percent from the same period in 2016. Cybercriminals prefer ransomware attacks and mostly target SMBs because of their weak security and willingness to pay up to get their data back.
Ransomware is attacking infrastructures across the world. We had barely gotten over May’s WannaCry infection of some 200,000 computers in over 100 countries in only 24 hours when GoldenEye/Petya/NotPetya jumped in this week, shutting down critical infrastructure institutions in Ukraine.
Although Ukraine was patient zero, the infection has rapidly spread globally due to a compromised update of MeDOC accounting software. The trouble with the latest strain is that its goal was to destroy rather than make money.
The number of data breaches detected in the healthcare industry in 2016 hit a record increase of 40 percent, according to the Identity Theft Resource Center. In 2017, the healthcare industry and banking sector are on the radar more than ever, with as many as 45 percent of healthcare industry breaches and 31 percent of banking breaches occurring as a result of unintended disclosure, says the Beazley study. Malware-related leaks account for 16 percent of incidents.
How can you protect your business from data breaches, especially ransomware? First, educate employees to recognize social engineering techniques and deploy an endpoint security solution and a backup solution. Regularly patch or update software and web servers, set up policies that prevent users from installing malware and limit their access across the infrastructure. If you do get infected with ransomware, don’t pay the fee and immediately reach out to the nearest law enforcement agency.