Cyberespionage: No one thinks it's going to be them. Until it is. And that's exactly what cybercriminals are banking on.
Society is so infused with technology that our digital footprint is practically glowing. But if we're not careful to cover our tracks, our footprint can be used against us — individuals and companies alike.
Cyberespionage is now the most common type of attack across a variety of industries, and organized criminal groups escalated their use of ransomware to extort their victims, according to the Verizon 2017 Data Breach Investigations Report (DBIR).
While no individual or company is immune, Verizon's report offers insights on how to keep your data safe going forward.
The results are in
Nearly 2,000 breaches from 84 countries were analyzed in this year's report.
More than 300 were espionage-related, many of which started as phishing emails. Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and education.
In addition, the DBIR noted a 50 percent increase in ransomware attacks compared to last year. Many organizations rely on out-of-date security measures and aren't investing in security precautions, despite an abundance of affordable options.
"There are vastly more small businesses in the U.S. than large businesses," said Gabriel Bassett, senior information security data scientist. "Small businesses are not immune."
Whether it's medical records or payment card details, someone, somewhere will see it as an opportunity.
"Often, even a basic defense will deter cyber criminals who will move on to look for an easier target," Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions, said in a statement.
Old techniques still work
The first instance of phishing was recorded sometime in 1995. After more than two decades, people are still falling for it.
Verizon's DBIR found that 1 in 14 users were tricked into following a link or opening an attachment — and a quarter of those went on to be duped more than once. 95 percent of attacks that led to a breach were followed by some sort of software installation. The method is popular among both cyberespionage and financially motivated attacks.
Bassett recommends that companies hire a vendor to send test phishing emails to their employees. There are specific hotspots of people and departments who are more prone to attack, often because their job entails opening emails from outside sources.
Using that data will allow companies to analyze which employees are susceptible and train them.
"Accept that someone is gonna click," said Bassett.
New techniques on the rise
Cybercriminals will search endlessly for ways to dupe an unsuspecting target. They're finding success in pretexting, which, simply put, is when someone pretends to be someone else.
Hackers are looking to engage in business email compromise. Often, someone sends an email where "the CEO" orders wire transfers with an urgent and believable back story.
The DBIR urges companies to remind employees — particularly in finance — that no one will request a payment via unauthorized processes. IT can also assist by marking external emails with an unmistakable stamp. A lack of communication can lead to catastrophic results.
"Never use a single channel for communication for any monetary decision over a certain amount," said Bassett.