Story image

Verizon report finds cyberespionage is gaining ground

09 May 17

Verizon’s 10th annual Data Breach Investigations Report has highlighted just how vulnerable smaller organisations are to all types of cyber attacks, making up 61% of all victims.

The report found that alongside small businesses, those in finance (24%), healthcare (15%) and the public sector (12%) make up the top three breach victims, and most notably the rate of cyber espionage is growing. A total of 68% of healthcare threat actors are insiders.

Cyber espionage is hot on the heels of the manufacturing, public sector and education industries, which were hit in 21% of cases analysed, or 300 out of almost 2000 breaches. 

“The cybercrime data for each industry varies dramatically. It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions,” comments Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. 

Attackers are going after propriety research, prototypes and confidential personal data. Most of them started as phishing emails, Verizon states.

51% of all breaches involved malware. Ransomware has also jumped the charts, moving from the 22nd most popular malware type to the fifth most popular. There has also been a 50% increase in ransomware attacks compared to last year.

Verizon says that despite ongoing media coverage, organisations are still using out-of-date solutions and aren’t investing enough in security. That is equivalent to paying a ransom demand instead of protecting themselves against it.

The report supports findings that phishing is a popular way of targeting users - 95% of attacks use methods that try to install software on a user’s device. Phishing accounts for 43% of all breaches.

“Cyber attacks targeting the human factor are still a major issue. Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin says.

Verizon provides some basic security tips:

  • Stay vigilant – log files and change management systems can give you early warning of a breach.
  • Make people your first line of defense – train staff to spot the warning signs.
  • Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  • Patch promptly – this could guard against many attacks.
  • Encrypt sensitive data – make your data next to useless if it is stolen.
  • Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  • Don’t forget physical security – not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cybercriminals who will move on to look for an easier target," Sartin concludes.

The report analysed data from 65 organisations across 84 countries. In total it analysed 42,068 incidents and 1935 incidents.

SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.
What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”