Social Engineering tied to 82% of breaches.
Ransomware up 13% this year.
Cybersecurity professionals facing insurmountable challenges.
Introduction:
Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon’s 15th annual Data Breach Investigations Report (DBIR). In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware (up 13% this year), and the inescapability of the human element, which was tied to 82% of all breaches. DBIR data is based on 23,896 reported security incidents, including 5,212 verified breaches.
Details:
The number of ransomware incidents increased this year by nearly 13%, which is an increase as large as the last five years combined. Ransomware now plays a role in one out of every four breaches. Though the prevalence of ransomware has been rising, the nature of these attacks have remained surprisingly consistent. Verizon first wrote about ransomware in their 2013 report. When targeting companies, typically SMBs, the criminals access victim networks via Microsoft’s Remote Desktop Protocol (RDP) either via unpatched vulnerabilities or weak passwords. That statement was made in 2013. Nine years later, the most common vector for ransomware attackers is still desktop sharing software, which is ussed in around 40% of attacks. The overwhelming majority of those instances involve stolen credentials.
Currently:
There are all kinds of technical mechanisms by which attackers can obtain initial access into a target organization. But they usually don’t need to try all them. The much simpler solution, usually, is to just trick people. According to Verizon, 82% of this year’s data breaches involved the human element that includes the Use of stolen credentials, Phishing, Misuse, or simply an Error. Phishing, as expected, is still the hackers’ go-to. Well over 60% of this year’s breaches began that way. Phishers are still using all the same tricks, like pretexting, which is inventing a story to convince targets to divulge sensitive information. Ultimately it leads to business email compromise (27% of all attacks).
Additional Security Info:
That doesn’t necessarily mean that targets are still so unaware, so naive as to click on any wayward link or smooth-talking email. Only 2.9% of employees may actually click on phishing emails. It’s just that 2.9% is more than enough for criminals to continue to use it as a method for intrusion. Whenever human error arises in cybersecurity discourse, someone’s bound to mention training. But, as the authors of DBIR noted, Most training takes twice as long to complete than was expected, with 10% taking three times as long. Additionally, while getting training is easy, proving it’s working is a bit harder.
Closing:
It may just be that the cyber threat landscape is in a holding pattern, as it has been for some time now. Every year, it seems, we’re facing the same kinds of attacks, and offering variations of the same solutions that haven’t entirely worked before. We are waking up to the same results year after year since the first report in 2008.
Reference link for the full story:
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats: Again
This information is brought to you by Vectech Solutions, The Gold Standard in Cybersecurity
#verizon #ransomware #socialengineering
Found this article interesting? Follow Vectech Solutions, LLC on Facebook, Telegram and LinkedIn to read more exclusive content we post