This is the 11th edition of the report that offers a comprehensive statistical overview of current cyber security trends and methods of mitigation. In this summary, we’ll be focusing on the ‘human factor’ section and how it relates to insider threats and monitoring.
Overview of the Report
The report data included 53,308 security incidents, 2,216 data breaches, 65 countries and 67 contributors.
Cyber criminals are looking to exploit data, and they’re going after data that is easy to steal and consume. Criminals want a company’s money, and they profit by stealing payment card data, personally identifiable information or intellectual property. The most common methods of doing this include hacking and malware infections. The methods of deployment commonly involve the ‘human factor’ through phishing, virus infection and ransomware.
Malicious outsiders are still a problem. The report states that almost three-quarters (73%) of cyber attacks were enacted by outsiders. Ransomware is still the most common method of deployment, and it was found in 39% of cases where malware was identified. It’s commonly used because it’s easy to deploy and very effective. In recent years, we’ve seen darknet development where malware has become a consumer product. This means anybody can access and download a DIY kit to launch a ransomware attack.
68% of breaches took months or longer to discover.
Data loss detection is still a weak link for many industries. The most vulnerable industries, according to the report by number of breaches, are accommodation, education, financial, health and information. Each industry categorizes its important sensitive data differently. For example, in healthcare, sensitive data consists of Social Security numbers and personal information. The first step in mitigation and stopping a breach sooner (rather than later) is to categorize your most sensitive information and know who has access to it.
Insider Threats & Monitoring – It’s time to take notice.
Insider threats are an important topic that has drawn more attention in recent years. The insider threat comes from within your company. It includes four different types of insider threat actors. The most common are insiders who are negligent or who act with malicious intent.
Ultimately, an insider threat can include anybody who has access to your sensitive information. It doesn’t have to be a current employee. It can also be a recently fired employee (who still has access), or an outside vendor. This is why it’s imperative that your security strategy categorizes your most valuable data and who has access to it. This is the backbone of your security protection plan.
According to the Verizon report, over a quarter (28%) of attacks involved insiders. As a quarter of the potential security risk, it’s an important attack avenue to notice and prepare for.
Negligent employees cause incidents by falling victim to ransomware, most commonly through phishing emails, by simply sending an email to the wrong person, or by misconfiguring a web service. According to Verizon, phishing and pretexting represented 98% of social incidents and 93% of data breaches. Email continues to be the most common method of deployment.
Don’t be Phished.
Employees are falling victim to phishing emails. Phishing is the crafting of a message that is sent to influence the recipient to ‘mouse click’, most commonly on a link or malicious attachment. Once that access has been granted, credentials are stolen or malware is dropped into the system.
Luckily, awareness is building, and people are starting to take note. According to Verizon, in any normal (median) organization, 78% of people don’t click a single phishing scheme. The bad news: 4% do click on these campaigns, and a malicious actor only needs one access point.
Mitigation can take several forms. The most common suggestions, and what we consider progressive approaches, include employee awareness training, sensitive data categorization, regular backups of software and monitoring / user analytics.