Verizon is one of the biggest telecom companies in North America and is currently ranked among the top 25 of Fortune 500’s current ranking. The data breach investigation report released earlier this month provides insights from the analysis of over 23,000 incidents and 5,200 confirmed breaches worldwide.
Verizon believes such reports educate businesses of all sizes, thus helping them minimize risk and have fewer incidents. The released report is over one hundred pages, so we will not be able to go through all their findings, but we will try to highlight the main conclusions.
Ransomware continues to grow
It is not a surprise that ransomware victims are continuing to increase. Attacks are getting increasingly sophisticated, hackers are constantly developing new ways to attack, and the activity is highly profitable for the criminals. Cyber-criminal organizations had started operating like real businesses with customer services and live agents in virtual centers able to answer any victims’ questions. Every year companies from all over the globe spend tens of billions of dollars to unencrypt important organization files locked by cyber gangs.
Ways for hackers to get into your organization
According to the report, hackers end up in the system of businesses using four methods – phishing, credential stuffing and usage of stolen user data, vulnerability exploitation, or botnet attacks. No organization appears to be safe if they don’t have ways already in place to tackle such types of attacks. Stolen credentials are topping the chart as a leading method for hackers to end up in someone’s system. Phishing and exploiting IT vulnerabilities come right after, followed by botnet attacks.
Misconfigured cloud settings
Some of the most notable breaches reported over the last couple of years have not been breaches, just big piles of the information left unprotected. It is similar to leaving a car open and hoping no one would open it to see and steal stuff from the inside. IT administrators and employees responsible for cloud configurations leave big chunks of data unprotected. While IT admins hope that no one will come to look for it, cyber criminals browse all parts of the internet, hoping they can find something useful. Poor cloud settings configuration is responsible for about 13% of all breaches.
Untrained or rogue employees
According to the report, untrained and rogue employees drive breaches and incidents. The human element appears to be problem organizations are continuously finding hard to address. Verizon says that this year approximately 82% of the observed violations involved the human element. It could be the use of stolen credentials improperly stored by an employee, people failing to recognize phishing attempts, misuse of data, or general employee unpreparedness to handle cyber-attacks. People, in general, play a massive role in incidents and breaches.
Individuals, small and medium-sized businesses, large enterprises, and even governments are targets of bad actors who, in most cases, are after monetary gain. Understanding the problem is a significant part of finding a solution. Preparing for attacks is equally essential for an individual and a large enterprise. If you wish to be on top of your cyber security, you are welcome to shop around and find the type of coverage that best suits your needs.