Companies still fail security basics, as ransomware rises

Verizon report: Most breaches take advantage of simple passwords

Companies are still failing to take basic steps to secure their businesses, a new report has found.

Verizon's annual Data Breach Investigations Report, published today, revealed that of the almost 2,000 breaches and security incidents that were analysed, a whopping 81% used easily-guessed or stolen passwords.

Furthermore, over 65% of malware infections were delivered via email attachments - a technique that has been around for decades. Pretexting - a form of social engineering used to obtain privileged information - is also on the rise.

With so many enterprises falling victim to age-old tactics, why are businesses still failing to take basic security measures like strong password hygiene and regular data backups?

"It's a very good question, and it's one we ask ourselves on a recurring basis," Verizon's director of international security solutions, Ali Neil, told IT Pro, "because this is not the only year that we find that the human vector is probably the most susceptible, and theoretically the easiest one by which to combat things."

"You don't have to pay a fortune for a SIEM solution or an intrusion detection solution, you actually have to enforce some basic standards," he added. "Our message is that training is the simplest thing you can do with people."

Not everyone agrees, however. Bromium's EMEA CTO, Fraser Kyne, said that companies need to spend less time focusing on employee training, not more.

"What most interested me in this year's report was that phishing attacks are actually becoming even more prevalent," he said. "One in 14 users are being duped into clicking on a bad link or attachment; but even worse, a quarter of those people go on to do it again. There is a phrase that I think is very apt here - 'You can't patch stupidity'.

"Organisations therefore need to shift the onus away from controlling user behaviour if they are to get a handle on the situation. The best way of mitigating phishing attacks is to have a safety net in place, allowing end users to click with freedom, without having to worry too much about stumbling upon a bad link or malicious attachment."

The report included further interesting findings, such as the fact that organised crime gangs were behind more than half of all breaches, almost 70% of all threats to healthcare come from within the organisation, and around 50% of attacks on educational institutions were perpetrated by state-affiliated hackers.

Unsurprisingly, ransomware has also gone up by 50% compared to last year's report. Across the numerous reports put out by the security industry, a consistent rise in ransomware activity is one of the universal constants.

"Our vision is to unite industries with the end goal of confronting cybercrime head-on, and we are achieving this," said Verizon enterprise solutions' executive director of global security services, Bryan Sartin.

"The success of the Data Breach Investigations Report series is thanks to our contributors who support us year after year. Together we have broken down the barriers that used to surround cyber crime - developing trust and credibility. No organisation has to stand in silence against cybercrime - the knowledge is out there to be shared."
