sb-au logo
Story image

Verizon report finds cyberespionage is gaining ground

09 May 2017

Verizon’s 10th annual Data Breach Investigations Report has highlighted just how vulnerable smaller organisations are to all types of cyber attacks, making up 61% of all victims.

The report found that alongside small businesses, those in finance (24%), healthcare (15%) and the public sector (12%) make up the top three breach victims, and most notably the rate of cyber espionage is growing. A total of 68% of healthcare threat actors are insiders.

Cyber espionage is hot on the heels of the manufacturing, public sector and education industries, which were hit in 21% of cases analysed, or 300 out of almost 2000 breaches. 

“The cybercrime data for each industry varies dramatically. It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions,” comments Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. 

Attackers are going after propriety research, prototypes and confidential personal data. Most of them started as phishing emails, Verizon states.

51% of all breaches involved malware. Ransomware has also jumped the charts, moving from the 22nd most popular malware type to the fifth most popular. There has also been a 50% increase in ransomware attacks compared to last year.

Verizon says that despite ongoing media coverage, organisations are still using out-of-date solutions and aren’t investing enough in security. That is equivalent to paying a ransom demand instead of protecting themselves against it.

The report supports findings that phishing is a popular way of targeting users - 95% of attacks use methods that try to install software on a user’s device. Phishing accounts for 43% of all breaches.

“Cyber attacks targeting the human factor are still a major issue. Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin says.

Verizon provides some basic security tips:

  • Stay vigilant – log files and change management systems can give you early warning of a breach.
  • Make people your first line of defense – train staff to spot the warning signs.
  • Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  • Patch promptly – this could guard against many attacks.
  • Encrypt sensitive data – make your data next to useless if it is stolen.
  • Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  • Don’t forget physical security – not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cybercriminals who will move on to look for an easier target," Sartin concludes.

The report analysed data from 65 organisations across 84 countries. In total it analysed 42,068 incidents and 1935 incidents.

Story image
Stone & Chalk and AustCyber confirm strategic merger
"The integration of Stone & Chalk and AustCyber will enable our joint organisation to pursue a resilient and prosperous future not just for founders, enterprise and governments, but for all of Australia.”More
Story image
CyberCX and AustCyber launch platform to boost Aus cybersecurity industry
"Australia has some of the best cyber talent in the world, but we need to expand the supply of talent coming through the pipeline if we are to have a vibrant and globally competitive economy."More
Story image
Latest Tenable launch provides holistic approach to vulnerability management
Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.More
Story image
CISOs, don't underestimate the importance of soft skills
There is increasing importance on Chief Information Security Officers (CISOs) having and developing the skill of emotional intelligence, a new report states.More
Story image
Jetstack's new flagship product brings security to cloud native platforms
“With Jetstack Secure our customers can see a detailed view of each cluster and an instant visual status of all workload certificates, including their association with Kubernetes resources."More
Story image
Creating a strong culture of security within organisations
CISOs worldwide are inherently aware of how significant investment in cybersecurity strategies and technologies can bolster an organisation’s protection against cyberattacks. However, many overlook the importance of culture when it comes to cybersecurity.More