A recent study conducted by Accenture and the Ponemon Institute, compiled and analyzed interviews from 2,647 senior leaders in 355 companies across 11 countries and 16 industries, to determine the state of global cybercrime.
The study reveals three key takeaways:
- Crime rates are increasing
- Incidents are taking more time to resolve than ever
- The culmination of increased frequency and duration make cybercrime more expensive for organizations
Specifically, the average cost of cybercrime attacks has increased from $11.6 million to $13 million over the past year. And, the sheer volume of cyber attacks has increased by 11%.
Stealing data, also called information theft, is still the most common target and has the costliest repercussions for organizations. For this reason, it often gets the most attention, but stealing data is not the only goal for modern hackers.
Participants in the study also identify core systems like industrial controls as the target of cybercrime. Furthermore, to gain unbridled access into a company’s infrastructure, the types of attacks, targeting techniques and impacts within an organization are changing scope too.
Research indicates that hackers are now zeroing in on humans as an entry point, which research shows, is the weakest link in cybercrime defense. To exploit this vulnerability, hackers are increasing attacks like:
Phishing is when a hacker sends a fraudulent email posing as a legitimate entity and makes a request for personal information. Often these emails are disguised as a statement from a bank, or credit card company, asking the recipient to click a link, download an attachment, or provide personally identifiable information which will then benefit the attackers.
Ransomware often starts via a phishing scheme, but leads to the instant encryption of either a whole hard drive of a computer or specific files, rendering them inaccessible.
Ransomware will then present users with an ultimatum: either pay a fee to regain access over data or lose the information forever.
Like phishing, social engineering attacks are a scheme for cybercriminals to obtain sensitive information that can be used to steal someone’s identity. For example, a social engineering attack can come by way of:
- A criminal calling your phone posing as an employee of a company or organization like a bank, and asking for sensitive information like bank account numbers, online credentials and passwords
- Online phishing schemes that ask users to reveal data to what they think is a trusted website
- Malware attacks on a users’ address book where the virus sends emails –with a malicious link attached- to all of the victims’ contacts
Each of these human-attacks is preventable so long as you and your staff know how to avoid them.
So, what can you do to minimize human error?
As evidence shows that people-based attacks are growing, it becomes increasingly important to coach your staff about the rise of phishing, ransomware, and social engineering attacks. It’s also critical to keep a close eye on malicious insiders, who may perpetuate cyberattacks.
In order to protect your company, you need policies and protections to govern day-to-day activity:
Backup your data
If your data is held hostage by a malware attack, having data backup is one way to minimize the damage and improve business continuity after a virus hits. Backing up your information means, at the very least, you shouldn’t have to pay ransom during a ransomware attack.
Test your staff
Send occasional emails to your staff that simulates a phishing scheme to see if your staff falls for the tricks. If they do, educate them on what to look for in a false email, and the repercussions of clicking on infected links.
Instill password policies
If humans are your first line of defense, passwords are your second.
Ensure that your organization has instilled password policies that require a certain mix of uppercase, lowercase, numeric and symbols for complexity. Additionally, changing passwords regularly can help minimize the risk of a hack.
To create the most secure passwords possible, it’s wise to enlist the help of a service like EZPD so your passwords can be created, and regenerated without the “human component”, which inherently weakens the password strength.
Also, with EZPD’s proprietary software, your passwords are virtually invisible, making them nearly impossible to hack.