More and more hackers are attacking firms for monetary gain according to 2019 Verizon Data Breach Investigation Report (DBIR). And these hackers are focusing on small businesses whose cybersecurity defenses are much less sophisticated than bigger companies.
Nicole Lindsey outlines the changing cybersecurity challenges in this report from CPO Magazine:
One key finding of the Verizon data breach report focused on the specific industries that are being targeted most frequently by hackers. Overall, small businesses accounted for 43% of all data breaches. Other industries and sectors that came under attack in the past year included public sector entities (15%), healthcare organizations (15%) and financial services companies (10%).
The Verizon data breach report also investigated the motives of the cyber criminals, finding that an astounding 71% of the security incidents were financially motivated. The rise of ransomware, for example, has made hacking much more profitable for cyber criminals. By threatening to disable a computer system and wipe out the data of any organization, hackers can force these organizations to pay a large ransom fee. Another 25% of the security incidents were related to cyber espionage.
Brian Higgins, security specialist at Comparitech.com, commented on the rise of ransomware as a new preferred tactic of global hackers: “Ransomware is the ‘New Black’ for cyber criminals. It’s easier than trading in stolen credit card details, less reliant on TOR and a far more reliable money maker because, unfortunately, it’s still easier to pay up than report it, even with GDPR hanging over your head.”
[..]
One big theme, for example, is what some security researchers refer to as the “detection deficit.” The time between an attack on an internal system and the discovery of that attack is still far too long. In fact, according to the Verizon data breach report, 56% of data breaches took “months” to discover. That’s far too much time for hackers to have access to a computer system. Even if they are not actively exfiltrating data during that time period, they are probably inserting back doors and escalating their internal security privileges for later attacks.
