According to the recently published Verizon 2018 Data Breach Investigations Report, 78 percent of users within an organization did not click a single phishing link in all of 2017. Unfortunately, four percent clicked on just about anything a phishing campaign sent them. The evidence clearly shows that the more phishing emails someone has clicked in the past, the more likely they are to click in the future. If that four percent figure holds for most organizations, then it is well worth tracking down this small group of people within your own. This can be accomplished by running a series of phishing simulation campaigns against your users and then meeting with the individuals who click repeatedly.
Another worrying statistic about phishing attacks is that users report only 17 percent of phishing campaigns. Not only are most phishing campaigns never reported; the study shows that it takes 28 minutes on average for the first report to come in, while the first phishing link is clicked within 16 minutes. Users need to be trained to identify suspicious emails and educated about the importance of reporting suspicious activity as soon as possible. Users are not only your weakest security link; they are also your last line of defense. Education is paramount.
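The two passages above describe what a phishing simulation program should measure: which users click campaign after campaign, and how the time to first click compares with the time to first report. The script below is an added example, not part of the original post or of the DBIR; it runs over a constructed set of simulation results (the campaign ids, user names and timestamps are invented) and computes exactly those figures so the repeat clickers can be identified for follow-up training.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of phishing-simulation results (not real data): one row per
# user action, as (campaign, user, action, ISO timestamp). "sent" marks delivery
# of the simulated phish, "clicked" a link click, "reported" a report to security.
SIMULATION_EVENTS = [
    ("q1", "alice", "sent",     "2018-03-01T09:00:00"),
    ("q1", "alice", "clicked",  "2018-03-01T09:12:00"),
    ("q1", "bob",   "sent",     "2018-03-01T09:00:00"),
    ("q1", "bob",   "reported", "2018-03-01T09:30:00"),
    ("q1", "carol", "sent",     "2018-03-01T09:00:00"),
    ("q1", "dave",  "sent",     "2018-03-01T09:00:00"),
    ("q1", "dave",  "clicked",  "2018-03-01T10:05:00"),
    ("q2", "alice", "sent",     "2018-06-04T08:30:00"),
    ("q2", "alice", "clicked",  "2018-06-04T08:46:00"),
    ("q2", "bob",   "sent",     "2018-06-04T08:30:00"),
    ("q2", "carol", "sent",     "2018-06-04T08:30:00"),
    ("q2", "carol", "reported", "2018-06-04T08:58:00"),
    ("q2", "dave",  "sent",     "2018-06-04T08:30:00"),
]


def _ts(value):
    return datetime.fromisoformat(value)


def repeat_clickers(events, min_campaigns=2):
    """Users who clicked in at least `min_campaigns` distinct campaigns: the small
    group the DBIR says is most likely to click again and is worth meeting in person."""
    campaigns_clicked = defaultdict(set)
    for campaign, user, action, _ in events:
        if action == "clicked":
            campaigns_clicked[user].add(campaign)
    return sorted(u for u, c in campaigns_clicked.items() if len(c) >= min_campaigns)


def campaign_metrics(events):
    """Per campaign: click rate, report rate, and minutes from send to the first
    click and to the first report (None when nobody clicked or nobody reported)."""
    by_campaign = defaultdict(list)
    for event in events:
        by_campaign[event[0]].append(event)

    metrics = {}
    for campaign, rows in by_campaign.items():
        def users(action):
            return {u for _, u, a, _ in rows if a == action}

        def times(action):
            return [_ts(t) for _, _, a, t in rows if a == action]

        start = min(times("sent"))  # campaign launch time

        def minutes_to_first(action):
            stamps = times(action)
            return None if not stamps else (min(stamps) - start).total_seconds() / 60

        recipients = len(users("sent"))
        metrics[campaign] = {
            "click_rate": len(users("clicked")) / recipients,
            "report_rate": len(users("reported")) / recipients,
            "minutes_to_first_click": minutes_to_first("clicked"),
            "minutes_to_first_report": minutes_to_first("reported"),
        }
    return metrics


if __name__ == "__main__":
    print("repeat clickers:", repeat_clickers(SIMULATION_EVENTS))
    for campaign, m in sorted(campaign_metrics(SIMULATION_EVENTS).items()):
        print(campaign, m)
```

In the constructed data the second campaign reproduces the report's gap: the first click lands 16 minutes after launch and the first report 28 minutes after, and only one user clicks in both campaigns. Tracking the report rate and the click-to-report gap per campaign is what shows whether the education the post calls for is actually closing that window.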
Some other interesting statistics regarding phishing last year included:
The study analyzed 444 million malware detections across approximately 130,000 organizations and the median organization received 22 or fewer pieces of malware per year. For the first time, ransomware sits at the top of the list as the most prevalent type of malware found in attacks. Since 2014 when it first appeared on the list of malware threats at #22, it has ascended quickly, reaching as high as #5 in the 2017 DBIR report.
While ransomware made up 56% of all discovered malware last year, it comprised 85% of all malware found in the healthcare industry, so ransomware operators are clearly targeting this industry. We spoke about the prevalence of legacy systems in the health sector in last week's blog – these systems are being targeted by attackers because they are an obvious and extremely vulnerable target.
The most common vectors for ransomware delivery were email and malicious websites, so filtering solutions for each of these are absolute necessities for securing your enterprise. A well-thought-out, methodical backup strategy following the 3-2-1 approach is the best fallback when a ransomware attack does get through.
The 2018 DBIR shows that the number of pretexting attacks nearly tripled compared to the year before. While phishing is often associated with malware infection, financial pretexting rarely involved malware (less than 10%). Often the end goal of these attacks is to convince someone within an organization to transfer money, usually through some type of wire transfer or phony invoice. Pretexting is in effect spear phishing.
Email is again the primary vector for these attacks, although phone calls are used as well. In pretexting attacks, the attacker impersonates the CEO or another high-level executive. This can be done through direct compromise of the executive's email account or through spoofing. These highly lucrative attacks can easily garner six figures. Just as with phishing attacks, the most effective strategy to combat pretexting is a combination of email filtering and security education. Users need to be taught how to identify a spoofed email and what to look for in a phishing email. There should also be some type of multifactor authentication in place for all high-dollar financial transfers.
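The paragraph above lists two ways an executive is impersonated (a spoofed address or a compromised account) and says users and filters should be able to recognize the spoofed case. The function below is an added example, not code from the original post, of the header-level indicators a mail gateway or an analyst would check on a message claiming to come from an executive: a known executive's display name on an address that is not their real mailbox, a lookalike sender domain, a Reply-To pointing at a different domain, and a non-passing SPF/DKIM/DMARC result. The corporate domain `example.com`, the executive directory, and the sample message (including its `Authentication-Results` header, which is assumed to have been stamped by your own gateway) are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                      # assumed corporate domain
EXECUTIVES = {"jane ceo": "jane.ceo@example.com"}    # assumed directory: display name -> real mailbox

# Constructed sample of a pretexting message (not a real one). The From address is a
# lookalike domain, the Reply-To goes elsewhere, and our gateway recorded SPF as failing.
SAMPLE_MESSAGE = """\
From: Jane CEO <jane.ceo@example-mail.net>
Reply-To: jane.ceo.office@webmail.invalid
To: finance@example.com
Subject: Invoice payment
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-mail.net; dkim=none
Date: Mon, 4 Jun 2018 08:31:00 +0000

Please process the attached invoice today.
"""


def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def pretext_indicators(raw_message, executives=EXECUTIVES, internal_domain=INTERNAL_DOMAIN):
    """Return a list of human-readable spoofing indicators found in the message headers.
    An empty list means none of these header checks fired; it does not prove the
    message is genuine (a compromised executive mailbox passes all of them)."""
    msg = message_from_string(raw_message)
    indicators = []

    # 1. Display name of a known executive on an address that is not their real mailbox.
    name, addr = parseaddr(msg.get("From", ""))
    real_mailbox = executives.get(name.strip().lower())
    if real_mailbox and addr.lower() != real_mailbox:
        indicators.append(f"display name '{name}' matches an executive but address is {addr}")

    # 2. Sender domain that is not ours but contains our primary label (a lookalike).
    sender_domain = _domain(addr)
    label = internal_domain.split(".")[0]
    if addr and sender_domain != internal_domain and label in sender_domain:
        indicators.append(f"sender domain {sender_domain} looks like {internal_domain} but is not it")

    # 3. Reply-To steering answers to a domain other than the one the mail claims to be from.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != sender_domain:
        indicators.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {sender_domain}")

    # 4. SPF/DKIM/DMARC results recorded by our own gateway that are anything other than pass.
    auth = msg.get("Authentication-Results", "").lower().replace(";", " ").split()
    for mechanism in ("spf", "dkim", "dmarc"):
        token = next((t for t in auth if t.startswith(mechanism + "=")), None)
        if token and not token.endswith("=pass"):
            indicators.append(f"{mechanism} result is {token.split('=', 1)[1]}")

    return indicators


if __name__ == "__main__":
    for indicator in pretext_indicators(SAMPLE_MESSAGE):
        print("-", indicator)
```

These checks catch the spoofing variant the post describes; they say nothing about a message sent from a genuinely compromised executive account, where every header is legitimate. That is the case the post's last sentence addresses: an out-of-band, multifactor approval step on the transfer itself rather than on the email.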
Some of the leading statistics specifically concerning data breaches included the following:
The 2018 DBIR was based on 53,000 cybersecurity incidents and 2,216 confirmed data breaches. The creators of the report chose not to include breaches involving botnets, which totaled 43,000 breaches last year. Botnets are primarily used in credential stuffing attacks, which make up the vast majority of botnet breaches, and most of those target financial institutions.
The purpose of the DBIR every year is to give security practitioners a data-driven, real-world view of what commonly befalls companies with regard to cybercrime. It also outlines trends so that security professionals can allocate resources appropriately.