Did you know that phishing emails account for 9 out of 10 cyber attacks?
And that although most people – 78 percent, in fact – know better than to click on a suspicious email, four percent will click on any given phishing campaign?
Four percent sounds like a small number. But do the math. If you have 25 people in your law firm, at least one of them will inadvertently open the e-door to a cyber crook. If you have 200 employees, 8 employees will take the bait.
Those are some of the findings from the Verizon 2018 Data Breach Investigations Report.
Another finding: ransomware attacks are on the rise, and businesses of all sizes are at risk. Ransomware is found in 39 percent of malware-related data breaches.
Cyber Criminals Stick to What Works
The Data Breach Investigations Report analyzed more than 53,000 cyber incidents worldwide, including 2,216 confirmed data breaches.
“This year we saw yet again that cybercriminals are still finding success with the same tried and tested techniques,” according to the report. “And their victims are still making the same mistakes.”
Many of those mistakes were avoidable. Almost one in five breaches (17 percent) resulted from human error. Employees failed to shred confidential information. An email was sent to the wrong person. A web server was misconfigured. Though these actions weren’t intentional, they were still costly.
Cyber Attacks Stem from Greed
“Most cybercriminals are motivated by cold, hard cash,” the report says. “If there’s some way they can make money out of you, they will. That could mean stealing payment card data, personally identifiable information or your intellectual property.”
Here are some other findings:
- Ransomware is rampant. It’s easy to deploy and effective. “You don’t have to be a master criminal,” according to the report. “Off-the-shelf toolkits allow any amateur to create and deploy ransomware in a matter of minutes. There’s little risk or cost involved and there’s no need to monetize stolen data.”
- Cybercriminals are thinking big. Increasingly, they bypass single user devices and go after larger targets. They can wreak more havoc and make more money by attacking a file server or database.
- And they act fast. Eighty-seven percent of breaches took only minutes or less. Only three percent were quickly discovered. Two-thirds weren’t detected for months.
- The perpetrators are pros. Almost three-quarters (73 percent) of cyberattacks were perpetrated by outsiders. Members of organized criminal groups were behind half of all breaches, with nation-state or state-affiliated actors involved in 12 percent.
- Education is key. Human resource departments are focusing on educating all employees on cyber risks, especially financial pretexting and phishing. Outside consultants are brought in for specialized training. Cyber safety policies – two-factor authentication, device management, password protection, data security, keeping anti-virus software up to date – are critical.
- Watch for patterns. Almost all security incidents (94 percent) and confirmed breaches (90 percent) fall into one of several categories: web applications, point of sale, privilege misuse, and lost assets.