Verizon recently released its annual Data Breach Investigations Report, a comprehensive resource that is based on analysis of over 40,000 incidents, including 1,935 confirmed data breaches. As one might imagine, with this much data, the report itself can be somewhat overwhelming. We thought it would be helpful to summarize what we feel is one of the most critical messages, at least from a cybersecurity in business perspective. That is – defining who is most likely to be targeted by cyber criminals and what tactics they’re using to achieve their malicious goals. Here’s what you need to know.
Who are the most common victims of cybersecurity attacks?
The Verizon report uncovered that the industries most frequently targeted by hackers were as follows:
- 24% of breaches affected financial organizations
- 15% of breaches involved healthcare organizations
- 12% Public sector entities
- 15% Retail and Accommodation combined
It’s pretty obvious why cyber criminals would target financial and healthcare institutions, since these organizations deal very heavily in confidential information. Not surprisingly, the report found that 73% of breaches were financially motivated. Public sector is a rather interesting area, though some of this could be related to hacktivism, a type of cyber-crime that’s been steadily on the rise. Retail and other types of accommodation organizations also handle a good deal of customer data, particularly as it relates to financial and personal identification material.
What methods are cyber-attackers using?
There are a wide variety of techniques a cyber-criminal might use to access the information he or she is after. According to the report, here are the most common:
- 62% of breaches featured hacking (81% of hacking-related breaches leveraged either stolen and/or weak passwords)
- 51% over half of breaches included malware
- 43% were social attacks
- 14% were due to errors
- 14% as a result of privilege misuse
- 8% were caused by physical actions
The truly alarming fact here is that hacking can come in many different forms. There are basic hacks and then there are those orchestrated by highly sophisticated cyber criminals. These are more commonly referred to as Advanced Persistent Threats, or APTs. In these instances, the actors behind the attacks are absolutely relentless. They also strategically target their victims to increase the odds of achieving the end result they’re after.
It should also be noted that the number of social engineering attacks is also on the rise. This can be tied into malware, as techniques like phishing scams typically involve the deployment of some type of malicious code. In fact, the report also found that 66% of malware was installed via malicious email attachments.
What you need to know…
The most important thing we’d like to point out is that even those organizations that fall outside the main categories of cybersecurity targets should operate under the assumption and expectation that they will likely also become a victim at some point. In other words, no company is safe. Small businesses to enterprise level, and organizations in every industry across the globe are all at risk of becoming a target of cyber-criminals.
The best way to defend against these threats is to leverage the power of technology that is available to you. Remember – attacks are coming in at an alarming rate and increasing in both volume and complexity. Likewise, tools like anti-virus software and firewalls are no match for sophisticated social engineering campaigns. A combination of employee education and automated cybersecurity incident response can provide an extra barrier of protection. It can also help with the most important step – remediation – getting critical systems back up and running quickly and mitigating damages.
Want to avoid becoming a part of the disturbing statistics listed above? Arm your company with the right technology. Launch your free 30 day trial of eyeShare and start beefing up your protection today.