Filed Under:Agent Broker, E&S/Specialty Business

Cyberespionage and ransomware attacks on the rise, says Verizon

The Verizon 2017 Data Breach Investigations Report (DBIR) examined over 2,000 breaches from 84 countries. (Photo: Shutterstock)
The Verizon 2017 Data Breach Investigations Report (DBIR) examined over 2,000 breaches from 84 countries. (Photo: Shutterstock)

No one thinks it's going to be them. Until it is. And that's exactly what cybercriminals are banking on.

Society is so infused with technology that our digital footprint is practically glowing. But if we're not careful to cover our tracks, our footprint can be used against us — individuals and companies alike.

Cyberespionage is now the most common type of attack across a variety of industries and organized criminal groups escalated their use ransomware to extort their victims, according to the Verizon 2017 Data Breach Investigations Report (DBIR).

While no individual or company is immune, Verizon's report offers insights on how to keep your data safe going forward.

Related: 5 best practices to avoid a costly data breach

Continue reading... 


Verizon's DBIR noted a surge in ransomware attacks, as well as an increase in cyberespionage among a variety of industries. (Photo: Shutterstock

The results are in

Nearly 2,000 breaches from 84 countries were analyzed in this year's report.

More than 300 were espionage-related, many of which started as phishing emails. Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and education. 

Related: 5 trends and factors that continue to impact cybersecurity in 2017

In addition, the DBIR noted a 50 percent increased in ransomware attacks compared to last year. Many organizations rely on out-of-date security measures and aren't investing in security precautions, despite an abundance of affordable options

"There are vastly more small-businesses in the U.S. than large-businesses," said Gabriel Bassett, senior information security data scientist. "Small-businesses are not immune." 

Whether its medical records or payment card details, someone, somewhere will see it as an opportunity. 

"Often, even a basic defense will deter cyber criminals who will move on to look for an easier target," Bryan Sartin, executive director, Global Security Services, Verizon Enterprise Solutions, said in a statement. 

Continue reading...

phishing with hook and envelope

Phishing remains a go-to strategy among attacks relating to financials and cyberespionage. (Photo: Shutterstock)

Old techniques still work

The first instance of phishing was recorded sometime in 1995. After more than two decades, people are still falling for it. 

Related: 4 pitfalls to avoid in a cyber insurance policy

Verizon's DBIR found that 1 in 14 users were tricked into following a link or opening an attachment — and a quarter of those went on to be duped more than once. 95 percent of attacks that led to a breach were followed by some sort of software installation. The method is popular among both cyberespionage and financially motivated attacks. 

Bassett recommends that companies hire a vendor who will send test phishing email to their employees. There are specific hotspots of people and departments who are more prone to attack, often because their job entails opening emails from outside sources. Using that data will allow them to analyze susceptible employees and train them

"Accept that someone is gonna click," said Bassett. 

Continue reading... 

Hacker looting company money

Cybercriminals are using pretexting to loot company money, often through emails targeting employees with access to its financial reserves. (Photo: Shutterstock) 

New techniques on the rise

Cybercriminals will search endlessly for ways to dupe an unsuspecting target. They're finding success in pretexting, which, simply put, is when someone pretends to be someone else.

Hackers are looking to engage in business email compromise. Often, someone sends an email where "the CEO" orders wire transfers with an urgent and believable back story. 

The DBIR urges companies to remind employees — particularly in finance — that no one will request a payment via unauthorized processes. IT can also assist by marking external emails with an unmistakable stamp. A lack of communication can lead to catastrophic results.

"Never use a single channel for communication for any monetary decision over a certain amount," said Bassett. 

Related: Tax season: The most wonderful time of the year (for hackers!)

Featured Video

Most Recent Videos

Video Library ››

Top Story

6 behaviors that could spawn a sexual harassment lawsuit

Sexual harassment scandals loom large among the events that shaped 2017.

Top Story

2017's 10 most hazardous toys

The Boston-based nonprofit World Against Toys Causing Harm, Inc. (W.A.T.C.H.) has released its annual list of the 10 worst toys of 2017.

More Resources


eNewsletter Sign Up

Specialty Markets Insight eNewsletter

Receive updates and analyses on hard to place and challenging coverages. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.