PROVIDENCE – The latest Verizon Data Breach Investigations Report is out, showing double the ransomware attacks compared with 2017, according to a Verizon press release. According to the report, ransomware was found in 39 percent of malware-related cases last year.
Where the main driver – human error – hasn’t changed, ransomware incidents are increasing, with cybercriminals going for bigger targets. “Attacks are now moving into business-critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests,” the press release states.
According to Verizon, financial pretexting (pretending to be someone else to gain privileged financial information) and phishing attacks now target entities such as human resources departments. There were 61 incidents of pretexting in 2017, according to the report, with 170 incidents in 2018. Eighty-eight of those targeted HR staff members have access to personal data that could be used for the filing of fraudulent tax returns and diversion of rebates, Verizon said.
“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” said George Fischer, president of Verizon Enterprise Solutions.
Other report findings:
- While most people don’t fall for phishing attacks, about 4 percent of people do, according to Verizon, enough for a cybercriminal to access an organization.
- DDoS attacks, or distributed denial of service attacks, seek to make an online service inaccessible by overwhelming it with traffic, sometimes to hide other breaches. Verizon says DDoS activity remains a major threat.
- Most attacks – 72 percent – are perpetrated by individuals outside of an organization, the report shows.
The Verizon Data Breach Investigations Report includes data from 67 organizations and analyzes more than 53,000 incidents and 2,216 breaches from across 65 countries.
Among Verizon’s suggestions to businesses when it comes to cybersecurity: Train staff to recognize warning signs of a breach; only allow employees access to certain data if they need it to perform their job; and encrypt sensitive data.
Susan Shalhoub is a PBN contributing writer.