October is National Cyber Security Awareness Month—and the perfect time to reflect on whether your business can identify, detect, and respond to threats appropriately. If you don’t have a comprehensive cyber security strategy involving technology, people, and processes, you could be vulnerable. With the average consolidated cost of a data breach tipping 4 million, you ought to spring into action.
Do you know the biggest threats to your cyber security and how to fight them? The “2017 Verizon Data Breach Investigation Report” (DBIR) is a great starting point.
In-Depth Look at Cyber Security Threats
For the last 10 years, this report has served as the industry’s top source for analysis of cyber security incidents and breaches. According to Verizon, the 2017 DBIR is a summary of over 40,000 incidents, including 1,935 confirmed data breaches. The DBIR offers detailed insight into the top cyber security threats that could affect your business, and how to combat them.
The Biggest Cyber Security Threats by Sector
Each industry faces its own unique challenges, and according to the DBIR, these are the top cyber security threats by sector:
- Healthcare. Privilege misuse, miscellaneous errors, and physical theft and loss represent 80% of breaches.
- Retail. Denial of service, web application attacks, and payment card skimming represent 81% of all security incidents.
- Financial and Insurance. Denial of service, web application attacks, and payment card skimming represent almost 90% of all security incidents.
- Educational Services. Cyber-espionage, miscellaneous errors, and everything else represent 67% of all data breaches.
- Public Administration. Cyber-espionage, privilege misuse, and miscellaneous errors represent 81% of breaches.
- Information. Denial of service, web application attacks, and crimeware represent 90% of all security incidents.
- Manufacturing. Cyber-espionage, privilege misuse, and everything else represent 96% of breaches.
- Accommodation and Food Services. Point of sale intrusions, everything else (social phishing and the use of stolen credentials, for example), and privilege misuse represent 96% of all data breaches.
What You Can Do to Mitigate the Risks
In order to mitigate risks, start by limiting software installations and developing proper password procedures. Make sure you can filter remote access to your POS network and only allow connections from whitelisted IP addresses. Use two-factor or multi-factor authentication to help secure all web applications and backup all systems routinely and have them ready to fall back on in case of an attack.
If you have highly sensitive information, keep that data segregated and only allow access to those who require it to perform their job. Limiting user access based on jobs roles should be a top priority. It’s equally important to hold ongoing security awareness training for your entire organization and encourage everyone to report suspicious activity. You should also have a plan in place should an incident occur, that includes incident response and business continuity for your mission critical data.
Who’s Behind the Attacks?
Cyber attacks come from many sources, which is why it’s important to be aware of, and understand, every potential threat. According to the 2017 DBIR there were numerous sources behind these breaches.
The majority of data breaches were performed by:
- 75% were perpetrated by outsiders
- 51% involved organized criminal groups
- 25% involved internal actors
- 18% were conducted by state-affiliated actors
What Tactics Are Criminals Using to Penetrate Your Network?
The number of methods cybercriminals are using to compromise cyber security and create data breaches is expansive.
Top data breach methods include:
- 81% of hacking-related breaches leveraged either stolen and/or weak passwords
- 62% of breaches featured hacking
- 51% of breaches included malware
- 43% were social attacks
What Motivates Cybercriminals?
You may wonder what motivates cybercriminals to act. There are various reasons, but in almost all cases the number one reason cybercriminals steal your data is for financial gain. In fact, 73% of all breaches were financially motivated. Additionally, some cybercriminals steal private data in order to use it for competitive advantage, while others steal for espionage.
How to Predict What Cybercriminals Will Do Next
The DBIR includes nine “Incident Patterns” which can help predict a cybercriminal’s next move. Understanding these areas of concern will be an asset to assist your security professionals decide where and how to invest resources if they are limited. The nine incident patterns are:
- Web app attacks
- Privilege Misuse
- Miscellaneous Errors
- Point of Sale
- Payment Card Skimmers
- Physical Theft and Loss
- Denial of Service
Get the Right Cyber Protection
No matter the level of protection, no system is 100% secure from cybercriminals. However, with a solid understanding of the threats you face, and the knowledge to combat them, you will improve your cyber security. Now is not the time to ease up. Cybercriminals are constantly working to access your private information. They are using every tool at their disposal to take advantage of your vulnerabilities, from human error to weak infrastructure.
Now that that you’re cyber aware, it’s time to defend your company and your livelihood. OnRamp specializes in high security hosting and compliance for all organizations, and our expertise is especially valuable to those with sensitive data. Contact us to discuss how we can protect your valuable data, together.
Additional Resources on this Topic:
State-Affiliated Hackers Responsible for Nearly 1 in 5 External Data Breaches: Verizon DBIR
The Password Problem: Poor Cyber Hygiene Letting Cybercriminals Clean Up
Cyber-Spies Go Mainstream, Blamed for One in Five Breaches