The percentage of cyberattacks involving ransomware has risen to an alarming level, now exceeding one third for global organizations, according to the newly released Verizon 2018 Data Breach Investigation Report.
Ransomware was found in 39% of malware-related data breaches – double the percentage from the previous year’s report. What’s more, Verizon’s analysis also showed that attacks are moving into business-critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.
The report also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that human resource departments across multiple verticals are being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.
The human factor continues to be a key weakness, according to the report. Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98% of social incidents and 93% of all breaches investigated – with email continuing to be the main entry point (96% of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
“Businesses find it difficult to keep abreast of the threat landscape and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” said George Fischer, president of Verizon Enterprise Solutions, in a prepared statement.
The report also found:
- Financial pretexting targets HR: Pretexting incidents have increased more than fivefold since the 2017 report, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 report). Eighty-eight of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns.
- Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4% of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.