Simple Steps to Avert Cyber Attacks and Data Breaches Not being Taken Says Report
The findings of the latest Verizon Data Breach Investigations Report (DBIR) were the subject of several of the IT news websites this week (Computer Weekly and ComputerWorld UK) because they show that organisations are still not taking basic cyber crime prevention measures.
The Report’s conclusions are drawn from an analysis of 2,260 breaches and in excess of 100,000 incidents at 67 organisations in 82 different countries and as such are believed to provide a reliable snapshot of the state of organisational cyber security.
The Usual Suspects
Examples of the kinds of well known data breaches and incidents that are still being allowed to happen too frequently are human error, phishing attacks, web app breaches (908 confirmed data breaches), and malware such as ransomware.
The report shows that phishing attacks are getting more successful. For example 30% of phishing messages were opened this year compared to 23% last year, with the surprisingly high figure of 12% of those people carrying on to click on the attachment or link in the email.
Multi-Point Phishing Attacks On The Rise
The report highlights a hybrid, multi-point phishing style attack that is gaining in popularity.
High Speed Attacks That Go Unnoticed
The report showed that the speed and stealth of cyber criminals is taking organisations by surprise. For example 93% of cases attackers only took a few minutes to compromise systems and 84% of the cases the victims didn’t find out they had been breached for weeks. Many organisations even had to be informed by a third party that the breach had taken place.
Mobile and IoT Attacks Not Common Yet
Despite predictions over the last year by many security commentators, the lack of significant real-world data on mobile attacks or attacks via the Internet of Things (IoT) appears to indicate no huge surge in crime in these areas.
What Does This Mean For Your Business?
The report shows that it is important for businesses to take the threat of data breaches and cyber crime seriously and to, at the very least, set up simple systems and methods to tackle the basic known threats. This could include: