Verizon released the 11th version of their Data Breach Investigations Report (DBIR) for 2018 today. The headline for this year’s report is ransomware, present in 39% of malware related cases. Per Gabe Bassett, a co-author of the DBIR, “Ransomware has doubled year over year again—it happened last year as well. The reason we’re seeing this incredible prevalence is ransomware is a great value proposition for the attacker. They don’t have to do a lot of the complex work. They just drop a piece of malware and then let it run.”
Compounding the increase in malware is the targeted systems. According to the report, attacks are focusing more business critical systems. Per Dave Hylender, senior network analyst at Verizon and DBIR co-author, "When we first started seeing [ransomware], it was smaller organizations, one desktop, one laptop. Now it's more widespread and affecting critical systems."
Per Bryan Sartin, executive director security professional services at Verizon, “Ransomware remains a significant threat for companies of all sizes. It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”
Beyond ransomware, other highlights from the report include:
- 72% of attacks were perpetrated by outsiders
- 50% of attacks were perpetrated by organized crime groups
- Pretexting incidents nearly tripled from last year
- Companies are 3x more likely to be breached by social attacks than vulnerabilities
Sartin noted, “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.”
The DBIR also looks at industry specific data. And for the first time, an industry was breached more often by insiders than by outsiders. 56% of healthcare breaches were the result of employee misuse or error. Other highly targeted industries include the public sector, entertainment, information, financial, and retail. The most breached industries are healthcare, the public sector, and accommodations.
While cyber attacks are 2x more likely against large organizations, not including the public sector which accounts for 90% of large company attacks, small businesses experience 38% more breaches, highlighting the need for better cyber hygiene among small and medium sized businesses.
Finally, speed matters. Just as it matters with patching to prevent attacks against known vulnerabilities, it matters how quickly you can identify and fix a breach. Unfortunately for IT, the same is not true of the attacks. 87% of compromises took minutes while only 3% of breaches were discovered this fast. 68% of breaches were undiscovered for months or even years. And as Hylender calls out, "what these figures don't show is that often, once these breaches were discovered, it took weeks or months before they were fixed."
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.