Cyber attacks are getting more frequent and more sophisticated each year, but what about the response to these attacks? Unfortunately, it’s easier in the short term to pay the ransom on a cyber attack than to invest the money needed to create more secure systems, and too many institutions are finding themselves paying hefty ransoms time and again.
According to Verizon’s 2017 Data Breach Investigations Report, not only are cyber attacks on the rise, but they’re reaching more industries as time goes by.
The most common victims are financial services firms, accounting for nearly a quarter of breaches in the past year. But while it’s straightforward to think of money as a primary motive for cyber crime, cyber espionage is the second-greatest motivator for online theft.
According to the Verizon report, the manufacturing industry, the public sector, and educational institutions are the primary targets of online criminals seeking to pilfer information. With the amount of proprietary research, prototypes, and confidential personal data stored online growing, we can expect to see more interest in this type of cyber crime in the future.
When it comes to extorting money, Verizon found a 50% increase in ransomware attacks in the past year. Ransomware has been particularly prevalent in the healthcare sector, where it accounted for a full 72% of all malware incidents.
While many of these attacks can be addressed by investing further in strong IT departments that tackle malware prevention, there are some tactics that are much harder to deal with. “Pretexting” is a highly sophisticated and specific use of phishing scams in which the perpetrator, pretending to be senior management, sends messages, most often emails, to financial department employees instructing them to transfer money to accounts controlled by the perpetrator.
These attacks can be so sophisticated that they often come from legitimate email accounts and manage to fool most of those who are targeted.
While employees should always be kept up-to-date on phishing scams and how to avoid them, organizations should also put guidelines in place similar to the two-factor authentication systems used when making bank transactions on mobile devices, for instance. By ensuring that email communication isn’t the only means by which transaction decisions are made, organizations can avoid falling prey to these phishing scams.
At the end of the day, it is imperative for industries across the board to start implementing proactive policies to avoid malware attacks and to prevent employees from falling into even the most sophisticated of traps.