
Hackers choose subtler approach

C-level executives, who have access to a company’s most sensitive information, are now the major focus for social engineering attacks. That’s according to the Verizon 2019 Data Breach Investigations Report (DBIR).

As the report puts it, senior executives under pressure quickly review and click on emails, or have assistants managing email on their behalf, making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs) can be linked to the unhealthy combination of a stressful business environment with a lack of focused education on the risks of cybercrime, the tech firm suggests.

A growing trend to share and store information within the cloud is exposing companies to security risks, the report found; it saw a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. Ransomware attacks are still going strong and account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialised media unless there is a high-profile target.

By business sector, the 12th edition of the DBIR shows healthcare continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively).


George Fischer, president of Verizon Global Enterprise said: “Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data WILL be assembled and analysed at eye-blink speed, changing how applications utilise secure network capabilities. Security must remain front and centre when implementing these new applications and architectures.

“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organisations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defence strategies.”

Mandeep Sandhu, Principal Solutions Engineer at SentinelOne, said the report highlights that organisations’ lack of visibility into their infrastructure is still a key issue. “However, with the volume of security alerts and incidents (this report analysed 41,000 security incidents) to manage, teams are often overwhelmed. Autonomous security can help with these high volumes, allowing for more focus on monitoring and securing high target systems (as 60pc of attacks involved hacking a web application) or individuals (like the C-level executives mentioned within the report).

“With cyber attacks increasing in their complexity, security teams need to be able to quickly identify and understand all cybercriminal activity across their organisation’s environment. And that includes third party/supply chain environments too. Organisations should aim to use technologies designed to detect and respond to cybercriminal activity, as they often have access to all attack details and therefore have the ability to restore files and system configurations with minimal impact to business operations, which is especially important in ransomware attacks.”

Martin Jartelius, CSO of Outpost24 said: “This year the report has big focus on state-sponsored attacks and, while not surprising, the findings show just how frequently cybercrime is being used by governments to target adversaries. The report also highlights that hacking is still playing a huge role in cyberattacks and reinforces the importance of organisations monitoring for vulnerabilities that can easily be exploited, so they can be remediated and patched before any damage occurs.”

And Fraser Kyne, EMEA CTO at Bromium said: “This year’s report shows cybercriminals are choosing to take a subtler approach. Hackers don’t want to announce their presence anymore – as they would with noisy ransomware attacks. Instead, they silently gain access to conduct reconnaissance, insert backdoors, escalate privileges and exfiltrate data. The longer the ‘dwell time’ – i.e. the time a hacker has unauthorised access to systems – the more dangerous the attack can be.

“Protecting high value assets has turned into a game of cat and mouse. Yet to win such a game, you need to spot the clues; however, this report shows that it’s taking months or longer to discover a breach. To address this, organisations must adopt layered defences that utilise application isolation to identify and contain malicious threats. This prevents hackers from gaining a foothold in the network by applying protection at the most common entry point, the endpoint, reducing the attack surface by closing off the most common routes into the enterprise like emails, the browser and downloads.

“By turning the endpoint from a traditional weakness into an intelligence gathering strength, organisations get rich-threat telemetry about the hacker’s intent that hardens the entire defensive infrastructure. This gives security teams the big picture, reduces false positives and allows malware to detonate safely with no impact. Isolation stops hackers at the point of entry and provides security teams with the time and information they need to analyse the real threats they are facing.”

