April 28, 2017
Verizon has today launched its 10th annual Data Breach Investigations Report (DBIR), providing an analysis of over 79,000 security incidents and 1,945 confirmed data breaches, across 79 countries.
Cyber espionage is the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report.
Much of this is due to the high proliferation of proprietary research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals. Nearly 2,000 breaches were analysed in this year’s report and more than 300 were espionage-related, many of which started life as phishing emails.
In addition, organised criminal groups escalated their use of ransomware to extort money from victims: this year’s report saw a 50% increase in ransomware attacks compared to last year.
Despite this increase and the related media coverage surrounding the use of ransomware, many organisations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.
“Insights provided in the DBIR are levelling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions.
“Our data is giving governments and organisations the information they need to anticipate cyber attacks and more effectively mitigate cyber-risk. By analysing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organisation’s risk profile”.
This year’s DBIR combines up-to-date analysis of the biggest issues in cyber security with key industry-specific insights, putting security squarely on the business agenda.
Ransomware on the rise
There was a 50% rise in ransomware compared to last year’s DBIR; it was the 22nd most common variety of malware in 2014 and the fifth most common in 2016. Some industries are under greater threat than others; for example, ransomware accounted for 72% of all malware incidents in the healthcare sector.
Wieland Alge, GM EMEA at Barracuda, was not surprised by this conclusion drawn from the report.
“Ransomware use has exploded recently as an easy way for cyber criminals to make money. As long as people keep on paying the ransoms, attackers will continue to infect users. It’s become the number one threat to businesses today, with many firms having to pay the ransom simply because they don’t have the defence systems in place to avoid doing so.”
More consumers at risk than ever before
The record counts in the breaches reported in the 2017 DBIR are more commonly measured in the millions than ever before.
In 2011, there were four million records lost collectively in all of the breaches that comprised the DBIR; the caseload of 1,945 breaches in this year’s report includes 20 where over a million records were lost alone.
There are 289 confirmed breaches related to espionage in the 2017 DBIR, over 90% of which are attributed to state-affiliated groups. Nation-states, competitors and former employees were also behind these attacks, but were not nearly as common, with phishing by far the most prevalent tactic used to target victims.
Shooting phish in a barrel
Phishing was present in over a fifth of all security incidents (21%), up from just 8% last year, which could largely be due to the success rate that hackers enjoy from these tactics.
One in twenty (7.3%) of phishing attacks were successful, resulting in the victim clicking on a link or email attachment sent by cybercriminals. Worse still, 6.5% of victims fell into the trap a second time, and 2% clicked more than three times.
“The best way of mitigating phishing attacks,” said Fraser Kyne, EMEA CTO, Bromium, “is to have a safety net in place, allowing end-users to click with freedom, without having to worry too much about stumbling upon a bad link or malicious attachment.”
“Micro-virtualisation is key to this, ensuring that each user task is contained within its own fully isolated and unique virtual environment. As a result, any malicious files are trapped within that virtual machine, posing no risk to the rest of the system. If a user finds themselves opening a malicious email or document, they can simply close down that window, and the threat disappears.”
The basics
81% of hacking-related breaches succeed through either stolen, weak or easily guessable passwords, which could so easily be prevented by better password hygiene, greater awareness of phishing, or the use of two-factor authentication.
Money makes the underworld go round
Organised criminal groups were behind 51% of breaches and state-affiliated groups were involved in 18%. Correspondingly, financial services firms were the most prevalent victims (24% of breaches), with financial gain (72%) and espionage (21%) the top two motives for cybercriminals.
Smaller organisations a target
61% of victims analysed were businesses with fewer than 1,000 employees. “For small organisations on a tight security budget,” advised Alge, “tiering your data in terms of importance is good practice so that you can intelligently decide where to focus your data protection efforts. Of course, customer data is often your most valuable asset and so usually will take precedence.”
“However, don’t fall into the trap of only protecting the data that you view as important and not taking into account the data that cyber criminals can easily monetise. For example, personally identifiable information is often targeted by cyber criminals, but may not be viewed as an important business asset.”
Education under fire
The DBIR found that educational institutions are more frequently being targeted by cybercriminals, who are after their valuable secrets (such as research). State-affiliated actors were behind half of these breaches, with cyber espionage as the motivation in 26% of breaches, up from just 5% last year.
“Cyber attacks targeting the human factor are still a major issue,” says Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions.
“Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year.”
Business sector insights give real-life customer intelligence
This year’s report provided tailored insights for key business sectors, revealing specific challenges faced by different verticals, and also answering the “who? what? why? and how?” for each.
- The top three industries for data breaches are financial services (24%), healthcare (15%) and the public sector (12%).
- Companies in the manufacturing industry are the most common targets for email-based malware.
- 68% of healthcare threat actors are internal to the organisation.
“The cybercrime data for each industry varies dramatically,” commented Sartin. “It is only by understanding the fundamental workings of each vertical that you can appreciate the cyber security challenges they face and recommend appropriate actions.”
Get the basics in place
With 81% of hacking-related breaches leveraging stolen passwords and/or weak or guessable passwords, getting the basics right is as important as ever before. Some recommendations for organisations and individuals alike include:
- Stay vigilant – log files and change management systems can give you early warning of a breach.
- Make people your first line of defense – train staff to spot the warning signs.
- Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
- Patch promptly – this could guard against many attacks.
- Encrypt sensitive data – make your data next to useless if it is stolen.
- Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
- Don’t forget physical security – not all data theft happens online.
“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defense will deter cyber criminals who will move on to look for an easier target,” concluded Sartin.