Humans Remain Weak Link, But Ransomware Is Biggest Threat – Verizon

Humans are still one of the principal weak links in an organisation’s cyber defences, the Verizon 2018 Data Breach Investigations Report (DBIR) has revealed.

But the report also points out that ransomware is still a top cybersecurity threat: ransomware attacks have doubled since 2017 and are now targeting business-critical systems.

Last year’s Verizon report also painted a bleak picture of the cyber security landscape when it found that cyberespionage was the most common type of cyber attack seen in manufacturing, education and the public sector.

Ransomware threat

This year marks the eleventh anniversary edition of the Verizon DBIR, which gathers cyber security data from 67 contributing organisations, over 53,000 security incidents and 2,216 data breaches from 65 countries.

The report stated that ransomware is the most prevalent variety of malicious software, found in 39 percent of malware-related cases – double that of last year’s DBIR – and accounts for over 700 incidents.

To put that in context, ransomware was only in fourth place in the 2017 DBIR.

Going back to 2014, ransomware was ranked in 22nd position.

And worryingly, Verizon’s analysis shows that these ransomware attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests.

HR departments

But this was not the only trend Verizon had noticed over the past 12 months. Its analysis also uncovered a shift in how social attacks, such as financial pretexting and phishing, are used.

Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.

Indeed, these types of attacks continue to infiltrate organisations via their weak point, namely humans.

And analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” said George Fischer, president of Verizon Enterprise Solutions.

“This 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime, helping organizations to make intelligent decisions on how best to protect themselves,” he said.

Insider threat

Of course there are other ongoing threats out there. DDoS attacks for example are everywhere and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress.

And it seems that most organisations are attacked by outsiders (72 percent of attacks were perpetrated by outsiders). But, worryingly for IT managers, 27 percent of attacks involved internal actors (2 percent involved partners and 2 percent featured multiple partners).

Organised crime groups still account for 50 percent of the attacks analysed, said Verizon.

“Ransomware remains a significant threat for companies of all sizes,” said Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years.

“What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here!” said Sartin. “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defence, rather than the weakest link in the security chain.”

One of the main trends this year is that attackers are using social engineering to obtain personal information, which is then used for identity fraud. So be careful about what you put on Facebook.

Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.

Meanwhile the report also found that payment card skimmers installed on ATMs are still big business, but there has been a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
