Story image

Verizon report finds cyberespionage is gaining ground

09 May 17

Verizon’s 10th annual Data Breach Investigations Report has highlighted just how vulnerable smaller organisations are to all types of cyber attacks, making up 61% of all victims.

The report found that alongside small businesses, those in finance (24%), healthcare (15%) and the public sector (12%) make up the top three breach victims, and most notably the rate of cyber espionage is growing. A total of 68% of healthcare threat actors are insiders.

Cyber espionage is hot on the heels of the manufacturing, public sector and education industries, which were hit in 21% of cases analysed, or 300 out of almost 2000 breaches. 

“The cybercrime data for each industry varies dramatically. It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions,” comments Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions. 

Attackers are going after propriety research, prototypes and confidential personal data. Most of them started as phishing emails, Verizon states.

51% of all breaches involved malware. Ransomware has also jumped the charts, moving from the 22nd most popular malware type to the fifth most popular. There has also been a 50% increase in ransomware attacks compared to last year.

Verizon says that despite ongoing media coverage, organisations are still using out-of-date solutions and aren’t investing enough in security. That is equivalent to paying a ransom demand instead of protecting themselves against it.

The report supports findings that phishing is a popular way of targeting users - 95% of attacks use methods that try to install software on a user’s device. Phishing accounts for 43% of all breaches.

“Cyber attacks targeting the human factor are still a major issue. Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty. And as our report shows, it is working, with a significant increase in both phishing and pretexting this year,” Sartin says.

Verizon provides some basic security tips:

  • Stay vigilant – log files and change management systems can give you early warning of a breach.
  • Make people your first line of defense – train staff to spot the warning signs.
  • Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  • Patch promptly – this could guard against many attacks.
  • Encrypt sensitive data – make your data next to useless if it is stolen.
  • Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  • Don’t forget physical security – not all data theft happens online.

“Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference. Often, even a basic defence will deter cybercriminals who will move on to look for an easier target," Sartin concludes.

The report analysed data from 65 organisations across 84 countries. In total it analysed 42,068 incidents and 1935 incidents.

Vertiv reveals new ‘plug-and-play’ data centre options
The new product families are said to enable the rapid deployment of right-sized, just-in-time data centre and power capacity.
Fujitsu takes conservation prize for immersion cooling system
The prize was awarded for the Fujitsu Server PRIMERGY Immersion Cooling System that can reduce power consumption by up to 40%.
5G will propel RAN market to $160b in near future
5G growth is expected to advance at a faster pace than LTE, particularly within the APAC region.
Telstra partnerships boost subsea cable infrastructure
Telstra’s customers across Asia Pacific will soon be able to take advantage of major major boosts to Telstra’s network services and subsea cables.
Expert comment: Google fined US$57mil for GDPR breaches
The committee examining the breaches found two types of breaches of the GDPR.
NTT Com launches Azure stack in Singapore
NTT Communications Corporation (NTT Com) has introduced the Managed Microsoft Azure Stack Solution to its Singapore operations.
Liquid cooling key to silencing a noisy data centre
Data centre are famous for being very noisy, but Schneider Electric's Steven Carlini says liquid cooling infrastructure could change that.
Achieving cyber resilience in the telco industry - Accenture
Whether hackers are motivated by greed, or a curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat