According to the recently published Verizon 2018 Data Breach Investigations Report, 78 percent of users within an organization did not click a single phishing link during the entire year of 2017. Unfortunately, four percent clicked on just about anything when it came to phishing campaigns. The evidence clearly shows that the more phishing emails someone has clicked in the past, the more likely they are to click in the future. If the four percent figure is indicative of most organizations, then it is more than worthwhile to track down this small group of people within your organization. This can be accomplished by running a series of phishing simulation campaigns against your users and then meeting with the individuals who click.
Users report only 17 percent of phishing campaigns
Another concerning statistic about phishing attacks is that users report only 17 percent of phishing campaigns. Not only are most phishing campaigns never reported, the study shows that it takes 28 minutes on average for the first report to come in, while a phishing link is clicked within 16 minutes. Users need to be trained to identify suspicious emails and educated on the importance of reporting suspicious activity as soon as possible. Users are not only your weakest security link; they are also your last line of defense. Education is paramount.
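The two measurements the report emphasizes (who clicks repeatedly, and how quickly the first report arrives relative to the first click) can be pulled straight out of a simulation platform's event export. The following Python is an added example, not code from the report or the original post; the event format and the sample rows are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of a phishing-simulation export (hypothetical format):
# one tuple per event, as (campaign, user, event, minutes_after_send).
# "sent" rows define the recipient list; values are made up for illustration.
EVENTS = [
    ("q1", "alice", "sent", 0), ("q1", "bob", "sent", 0), ("q1", "carol", "sent", 0),
    ("q1", "dave", "sent", 0), ("q1", "erin", "sent", 0),
    ("q1", "bob", "click", 16), ("q1", "dave", "click", 40),
    ("q1", "alice", "report", 28),
    ("q2", "alice", "sent", 0), ("q2", "bob", "sent", 0), ("q2", "carol", "sent", 0),
    ("q2", "dave", "sent", 0), ("q2", "erin", "sent", 0),
    ("q2", "bob", "click", 9), ("q2", "bob", "click", 11), ("q2", "erin", "click", 22),
    ("q2", "carol", "report", 12), ("q2", "alice", "report", 35),
]


def campaign_metrics(events):
    """Per campaign: click rate, report rate, minutes to first click and first
    report, and the gap between them (positive means clicks beat reports)."""
    by = defaultdict(lambda: {"sent": set(), "click": {}, "report": {}})
    for camp, user, kind, minutes in events:
        if kind == "sent":
            by[camp]["sent"].add(user)
        else:
            # keep the earliest event per user so repeated clicks by one
            # person do not inflate the campaign's rate
            prev = by[camp][kind].get(user, minutes)
            by[camp][kind][user] = min(prev, minutes)
    out = {}
    for camp, d in by.items():
        n = len(d["sent"])
        first_click = min(d["click"].values(), default=None)
        first_report = min(d["report"].values(), default=None)
        lag = None if first_click is None or first_report is None else first_report - first_click
        out[camp] = {
            "click_rate": len(d["click"]) / n,
            "report_rate": len(d["report"]) / n,
            "first_click_min": first_click,
            "first_report_min": first_report,
            "report_lag_min": lag,
        }
    return out


def repeat_clickers(events, min_campaigns=2):
    """Users who clicked in at least `min_campaigns` distinct campaigns: the
    small group the report suggests is worth meeting with individually."""
    clicked = defaultdict(set)
    for camp, user, kind, _ in events:
        if kind == "click":
            clicked[user].add(camp)
    return sorted(u for u, camps in clicked.items() if len(camps) >= min_campaigns)
```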
Some other interesting statistics regarding phishing last year included:
- Email continues to be the primary delivery mechanism for social engineering attacks (96%)
- 59% of phishing attacks are financially motivated
- Phishing is often used as the lead action of an attack and is followed by malware installation
- Only 13% of breaches utilize phishing, but 25% of breaches in educational institutions do
Ransomware is now #1
The study analyzed 444 million malware detections across approximately 130,000 organizations and the median organization received 22 or fewer pieces of malware per year. For the first time, ransomware sits at the top of the list as the most prevalent type of malware found in attacks. Since 2014 when it first appeared on the list of malware threats at #22, it has ascended quickly, reaching as high as #5 in the 2017 DBIR report.
While ransomware made up 56% of all discovered malware last year, it comprised 85% of all malware found in the healthcare industry, a clear sign that ransomware operators are targeting this industry. We spoke about the prevalence of legacy systems in the health sector in last week's blog: hackers go after these systems because they are easy to identify and extremely vulnerable.
The most common vectors for ransomware delivery were email and malicious websites, so filtering solutions for each of these are absolute necessities for securing your enterprise. A well thought out, methodical backup strategy that follows the 3-2-1 strategy is the best fallback in the event of a ransomware attack.
The 2018 DBIR shows that the number of pretexting attacks nearly tripled compared to the year before. While phishing is often associated with malware infection, financial pretexting rarely involved malware (less than 10%). Often the end goal of these attacks is to convince someone within an organization to transfer money, usually via a wire transfer or a phony invoice. Pretexting is, in effect, a form of spear phishing.
Email again is the primary vector of these attacks, although phone conversations are used as well. In pretexting attacks, the attacker impersonates the CEO or another high-level executive. This can be done through direct compromise of the executive's email account or through spoofing. These highly lucrative attacks can easily garner six figures. Just like phishing attacks, the most effective strategy to combat pretexting is a combination of email filtering and security education. Users need to be taught how to identify a spoofed email and what to look for in a phishing email. There should also be some form of multifactor authentication or out-of-band approval required for all high-dollar financial transfers.
Some of the leading statistics concerning data breaches included the following:
- 73% of breaches are perpetrated by outsiders, while 28% involve an inside party
- 48% of breaches involve hacking, while 30% are dependent on malware
- 24% of breaches affect healthcare organizations
- 58% of victimized organizations are categorized as small businesses
- Organized crime continues to be the leading perpetrator of data breaches
- While system admins topped the list of likely culprits of internally based breaches, the regular user ranked second not far behind. Doctors/Nurses ranked #4
The Ominous Prominence of Botnet Armies
The 2018 DBIR was based on 53,000 cybersecurity incidents and 2,216 confirmed data breaches. The creators of the report chose not to include breaches involving botnets, which totaled 43,000 breaches last year. Botnet breaches are dominated by credential stuffing attacks, and the vast majority of those target financial institutions.
The purpose of the DBIR every year is to provide security practitioners a data-driven, real-world view on what commonly befalls companies with regard to cybercrime. It also outlines trends so that security professionals can allocate resources appropriately.