RSS feed Get our RSS feed

News by Topic

BizReport : Research archives : May 03, 2017

Data breach investigations report shows 50% rise in ransomware attacks

Ransomware, cyberespionage and pretexting are on the increase, according to Verizon's latest Data Breach Investigations Report, with small businesses the most-targeted.

by Helen Leggatt

A recent report from Juniper Research found that, despite significant investment in cybersecurity, data breaches will have cost the global business community $8trillion by 2022, mostly in fines, lost businesses and remediation costs.

victims.pngNew research, from Verizon, analysed more than 2,000 breaches from 65 organisations. Of the breaches analyzed, 300 were found to be espionage-related, many of which started out as phishing emails. This type of attack was found to be the most common type seen in the government, manufacturing and education sectors.

small b.pngProbably the biggest trend this year is the rise of ransomware. In Verizon's 2014 report, ransomware was the 22nd most common form of malware. This year it's number five. According to the report authors, the ability for hackers to get a "quick buck" from ransomware means this particular threat won't be abating any time soon.

It doesn't help that people are still falling for phishing scams. According to Verizon's 2017 Data Breach Investigations Report, 1 in 14 users were tricked into following a link or opening an attachment - and a quarter of those went on to be tricked more than once. Where phishing successfully opened the door, malware was then typically put to work to capture and export data - or take control of systems.

Another cybercrime tactic discussed in Verizon's report is "pretexting", or the impersonation of a company official by spoofing and email to gain information from employees.

"Pretexting is a very big threat that will continue to grow because it takes advantage of urgency and common cultural situations where employees will set aside procedures and policies in order to make sure the boss does not get upset," says Paul Calatayud, CTO of Intelligent Security Management Firm, FireMon.

"Most phishing training focuses on the content: malware and links more than the sender and in this case the sender and what is being asked is the issue. People will no doubt feel under pressure to make sure the boss is happy and some of the requests will seem entirely legitimate to the right employee."

Tags: cybercrime, cybersecurity trends, phishing, ransomware, security

Subscribe to BizReport



Copyright © 1999- BizReport. All rights reserved.
Republication or redistribution of BizReport content is expressly prohibited without the prior written consent.
BizReport shall not be liable for any errors in the content, or for any actions taken in reliance thereon.