sb-nz logo
Story image

Verizon report finds cyberespionage is gaining ground

09 May 2017

Verizon’s 10th annual Data Breach Investigations Report has highlighted just how vulnerable smaller organisations are to all types of cyber attacks, making up 61% of all victims.

The report found that alongside small businesses, those in finance (24%), healthcare (15%) and the public sector (12%) make up the top three breach victims, and most notably the rate of cyber espionage is growing. A total of 68% of healthcare threat actors are insiders.

Cyber espionage is hot on the heels of the manufacturing, public sector and education industries, which were hit in 21% of cases analysed, or 300 out of almost 2000 breaches. 

“The cybercrime data for each industry varies dramatically. It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions,” comments Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. 

Attackers are going after propriety research, prototypes and confidential personal data. Most of them started as phishing emails, Verizon states.

51% of all breaches involved malware. Ransomware has also jumped the charts, moving from the 22nd most popular malware type to the fifth most popular. There has also been a 50% increase in ransomware attacks compared to last year.

Verizon says that despite ongoing media coverage, organisations are still using out-of-date solutions and aren’t investing enough in security. That is equivalent to paying a ransom demand instead of protecting themselves against it.

The report supports findings that phishing is a popular way of targeting users - 95% of attacks use methods that try to install software on a user’s device. Phishing accounts for 43% of all breaches.

“Cyber attacks targeting the human factor are still a major issue. Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin says.

Verizon provides some basic security tips:

  • Stay vigilant – log files and change management systems can give you early warning of a breach.
  • Make people your first line of defense – train staff to spot the warning signs.
  • Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  • Patch promptly – this could guard against many attacks.
  • Encrypt sensitive data – make your data next to useless if it is stolen.
  • Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  • Don’t forget physical security – not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cybercriminals who will move on to look for an easier target," Sartin concludes.

The report analysed data from 65 organisations across 84 countries. In total it analysed 42,068 incidents and 1935 incidents.

Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
NZX, Metservice attacks show Kiwi companies must rethink cyber security
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems.More
Story image
BlackBerry partners with ServiceNow for incident response management
BlackBerry has announced it has entered into a partnership with ServiceNow to integrate the BlackBerry AtHoc service within the Now platform for rapid crisis communications and IT service management. More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More