The rise of cyber-espionage reported in the 2017 edition of Verizon's data breach report shouldn't surprise anyone, since that topic has dominated news headlines for months. What the report also shows, however, is that ransomware is on a sharp rise and is increasingly targeting smaller, less protected companies, which need to be prepared. (See Cyberespionage, Ransomware Top 2017 Verizon DBIR.)
The tenth annual Verizon 2017 Data Breach Investigations Report (DBIR) indicates that cyber-crooks are sticking to tried and true methods -- care to go phishing, anyone? -- because these continue to work reliably, says Dave Hylender, a Verizon Enterprise Solutions senior network engineer and DBIR veteran. In an interview with Light Reading, he notes the report's basic advice on how to combat cyber-attacks is going to sound very familiar, because most of it has been offered before.
Criminals are like the rest of us, he notes. "If what they are doing is working, then why should they change?" Hylender says. "There is no need for them to re-invent the wheel" until businesses do a better job of making criminals' work harder.
That's not to say, however, that the bad guys aren't getting better or more sophisticated, because they are. Today's phishing is of the "spear" variety -- i.e., the email messages are tailored to specific recipients, which makes it far more likely that someone will click the provided link and, in doing so, open the breach or launch the ransomware.
This year's DBIR analyzed nearly 2,000 breaches and found more than 300 were espionage-related and many of those started with a phishing email. Data breach and other attack reports for the analysis came from 55 contributors and from 84 countries, in addition to Verizon's own data.
Hylender relates a story of one company compromised after a phony email was sent to 15 employees who were about to attend a meeting with a subcontractor. The email encouraged them to click on a link for the meeting agenda -- an action that then compromised the company's network. In other cases, employees who are supposedly on vacation appear to send emails asking a colleague for a one-time favor that must be handled immediately, he said. The sender's address may have been spoofed or the account itself hijacked, but the appeal comes across as genuine and can result in the direct theft of assets.
The DBIR records a 50% rise in ransomware alongside an increase in the number of small businesses being attacked, most likely because they represent low-hanging fruit for criminals, especially now that larger organizations are doing more to prevent breaches.
"This year for the first time we are seeing the majority of companies -- 61% -- are small businesses, with fewer than 1000 employees," Hylender says. "We are seeing the shift away from the really large banks being the ones that were hit and really large retailers, bricks and mortar or online, [and] we are now seeing many more small organizations being attacked."
Ransomware attacks are "very common in small businesses -- it's quick, it's easy," Hylender notes. "Many smaller businesses have no IT support, they have no back-ups, so no real reasonably good alternative other than to pay whatever the ransom may be."
Verizon's intent in sharing the DBIR is to highlight basic protective measures, including, at a minimum, keeping regular data backups that are stored offline and can be used to restore whatever a ransomware infection encrypts, he notes. Small businesses in particular can benefit simply from enacting the basic security recommendations, since doing so removes them from the "easy target" list.
"Don't be the slowest antelope in the herd," Hylender says. "Do the basic protections, because, most times, you are simply a target of opportunity."
As it has done in past years, the DBIR named specific threats by industry vertical, citing financial services, healthcare and the public sector as the three top targets. The report notes, in general, the rise of "pretexting," which involves scammers seeking personal identity information under false pretenses.
And, as always, the DBIR cites the security basics. People are still the biggest vulnerability, so training staff to recognize warning signs and to use stronger passwords matters: 81% of hacking-related breaches involved stolen or easily guessed passwords. Restricting data access to only those who need it, requiring two-factor authentication, prompt patching and strong physical security are important as well.
— Carol Wilson, Editor-at-Large, Light Reading