Check out the findings of the Verizon report on ransomware, social engineering and phishing
Updated at: Oct 01, 2019
Verizon's new Data Breach Investigations Report (DBIR) reinforces key aspects that need to be continually discussed by companies and their managers and leaders. These aspects involve the use of malware, ransomware, social engineering, phishing, and even human failure in attacks and information leaks. The report is based on more than 41,000 security incidents that affected companies in different countries around the world.
Main targets for attacks: SMBs and C-level executives
As expected, the report points out that small and medium-sized businesses (SMBs) are a major target for cyber attacks. 43% of all data breaches occurred in small businesses. SMBs are lucrative and interesting targets for cybercriminals because, unlike big companies, they either aren't as concerned about information security or don't have the budget to protect themselves adequately.
Another interesting point of the report shows that the more decision-making power the employee has within the company, the more likely he'll become a victim of a digital attack. “C-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past”, says the document.
Detection problem and financial motivation
A very relevant data in the Verizon report indicates that about 23,000 security incidents or 56% of all data breaches took months or longer to be discovered. It's a frightening number. It shows how essential it is for companies to invest in advanced tools and mechanisms for preventing and detecting threats and attacks.
The document also says that the main reason for the attacks is financial motivation, accounting for about 71% of all breaches. On the other hand, 25% of them are espionage, aiming at data and confidential information theft to gain strategic advantage.
Most common tactics and types of threats and attacks
Malware and ransomware
About 94 % of the breaches involving malware occur through the use of email, according to the report. To hack businesses, cybercriminals use unknown emails, emails with malicious links and emails with malicious attachments. Among the most commonly used attachments are Office and PDF files.
Speaking of all data breaches, 28% involved malware. The document also highlights the damage that ransomware cause, remembering that ransomware is a type of malware. “Ransomware is still a major issue for organizations and is not forced to rely on data theft in order to be lucrative”, the report points out.
Social engineering, phishing and BEC
Social engineering, which is basically the ability to search and study about potential victims and then lure and persuade them, is present in 33% of the attacks.
“Research points to users being significantly more susceptible to social attacks they receive on mobile devices. This is the case for email-based spear phishing, spoofing attacks that attempt to mimic legitimate webpages, as well as attacks via social media”, highlights the document.
One of the major types of scam using social engineering is phishing attacks, which is when the cybercriminal impersonates a known person or brand. According to the report, 32% of all breaches involved phishing.
The evolution of phishing is spear phishing, which is a scam targeted at certain people or companies. BEC is a type of spear phishing that was quoted in the report.
“BECs are still advantageous for the criminal element because they provide a quick way to cash out. Many other types of data breaches require a little more work on the adversaries’ part to convert stolen data into accessible wealth”.
Human failure gained prominence in the report. About 35% of the data breaches happened due to misuse by authorized users and human errors. Here on Gatefy's blog we've been discussing the issue of security awareness a lot. Trained employees mean more productivity and fewer chances of being hacked.
“Sending data to the incorrect recipients (either via email or by mailed documents) is still an issue. Similarly, exposing data on a public website (publishing error) or misconfiguring an asset to allow for unwanted guests also remain prevalent”, according to the document.
Would you like to see the full 2019 Data Breach Investigations Report (DBIR)? Click here.