A recent annual report from Verizon highlighted that employee decision-making and actions have provided the most safety for an organization during data breach attacks.
Data on Data
In an examination of around 80,000 incidents and 5,000 data breaches from 2020 that compromised the integrity, confidentiality and availability of information, phishing attacks designed to trick employees into disclosing login and personal information were the most common avenue. Overall, 85% of breaches involved a human element and 61% involved stolen or misused information.
Ransomware was discovered in 13% of the human-related breaches, which is estimated to have cost organizations around $1m in cash paid out in ransom, remediation and lost revenue.
Over the past year, ransomware attacks doubled in frequency, and they are expected to triple in 2021. Many of the demands are straightforward: attackers hold data hostage until the organisation pays a large sum of money for its safe return. With other tactics, bad actors gain control over system access, exfiltrate data and reveal it to the public if the ransom is not met. There are also instances where mega-investors or competitors will pay hefty sums to get a look at a rival's information.
Real Face of Criminals
Whilst many envision these cyber hackers occupying the basements of their parents’ homes and hacking into mainframes for the thrill, today organised crime figures are behind the majority of the breaches. The goal is financial gain, not the thrill of achievement.
What organizations need to take serious notice of is that cybercriminals target organizations from which they can extort huge rewards, and not just in money. Intellectual property, sensitive information and brand-damaging information are worth a lot to the right people on the dark web. Cybercriminals may play the game of locking the company out of its network and demanding payment to get back in, but now the chips in the cybercrime game can be worth millions to the right players as well as to the company that is the victim.
The question of ‘if’ a company can be hacked is now a question of ‘when’, with the race for organizations to train their staff going head to head with the pillaging of money-hungry hackers, who are taking every avenue they can as fast as possible.
The solution lies in the organization’s HR department working with public sector IT to ensure that routine tasks are carried out and security measures are met to stop incursions. Hackers are advancing their techniques by using automation to home in on security holes, which keeps them one step ahead of a slow-moving human element.