Cyber-attacks, hacks and data breaches have become common in recent times. Whether a large-scale business or a startup, no one is safe from the ever-growing cyber threat landscape. While it is not possible for companies to keep track of every cyber-attack, it is important for them to stay up to date with the history of attacks and learn from their own mistakes and those of others.
Confidentiality is a desirable trait for any organization, and a breach can readily compromise it. While the likes of the Equifax and CeX data breaches call for functional laws and better reforms, there are certain takeaways which can help enterprises formulate holistic cyber security solutions. Below are some key takeaways from the recently released Verizon Data Breach report.
Takeaway 1: Phishing continues to grow
Most data breaches have already established the popularity of phishing as the ‘go-to’ hacking method. This approach allows hackers to access sensitive data via malicious emails and a host of other techniques. Almost 66 percent of malware installations happen this way, and around 43 percent of global data breaches involve phishing as the precursor.
Enterprises must, therefore, train their employees to recognize suspicious links and other forms of clickbait. It is also important to conduct simulated phishing campaigns as part of anti-phishing activities. With companies witnessing financially motivated attacks, security awareness focused on this malicious form of data breach should improve.
Takeaway 2: Ransomware isn’t leaving anytime soon
Lately, ransomware has been the face of cyber-attacks, and in 2017 it has evolved into an overpowering abomination. Be it social engineering crusades or phishing emails, data thefts are quite common and comprise 21 percent of the existing ransomware incidents. These figures are at least 8 percent higher compared to the DBIR reports released for 2016.
While it is hard to stem the growth of ransomware, vigilance is what keeps malware and other malicious entrants out of the system. Some organizations conduct ransomware awareness training programs to educate their employees. To mitigate the global crisis, a dynamic program might work best.
Takeaway 3: Healthcare is a vulnerable sector
DBIR reports suggest that almost 15 percent of the recent data breaches targeted the healthcare industry, which is a worrying sign. When it comes to analyzing the cyber threats concerning the healthcare sector, the DBIR data reveals a two-fold issue. The first concern is inadvertent error, where employees play a pivotal role in compromising confidentiality. It is alarming that almost 80 percent of healthcare-specific breaches have miscellaneous errors and privilege misuse as the primary reasons.
The other aspect of the two-fold problem is the growth of ransomware, which is specifically detrimental to the medical and healthcare sector. Believe it or not, almost 72 percent of malware incidents related to this sector are ransomware attacks.
Takeaway 4: Password laziness is predominant
Based on the 2017 DBIR data, 80 percent of data breaches that involve hacking use stolen passwords. This has resulted in a form of security fatigue with password laziness at the helm. Organizations should value passwords and the strategies behind their selection. Security awareness campaigns are a good way to reinforce password-centric training. Moreover, it must be understood that password strength is a recurring issue and should be handled with extreme care.
Takeaway 5: Ignore pretexting at your own peril
While malware, malicious emails, phishing attacks and ransomware threats are real, pretexting is more like a slow poison when it comes to impairing the cyber space. A pretext is a persuasive scenario created by hackers to influence targets. Almost 88 percent of pretexting incidents involving financial shortfalls make use of email, a popular avenue for delivering pretexts. That said, educating employees about a risk-based approach can help them distinguish pretexts from genuine requests. This method calls for the inclusion of knowledge assessments, which come in handy when it comes to determining threats and mitigating them.
Data breaches are common and will continue to trouble us in the future. However, it is important to process these takeaways and inferences in the best possible manner to keep threats, risks, and damages to a minimum.