Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Fraud Prevention
  3. ID Systems & Services in Fraud Prevention

Cyberattacks using ransomware up 50%, financial services at risk

Ransomware attacks on companies, in which cyber criminals encrypt sensitive data with malware and then charge to have the data unencrypted, increased by 50 per cent last year, according to a report by a global security firm.

Financial services is most-targeted industry for data breaches

Cyberespionage is now the most common type of attack in manufacturing, the public sector and education, according to Verizon Communications. Its report – Verizon 2017 Data Breach Investigations Report – analyses nearly 2,000 breaches, more than 300 of which were espionage-related, with many starting life as phishing emails. It found that the increase of malware attacks is driven by a proliferation of proprietary research, prototypes and confidential personal data. Financial services was the top industry targeted for data breaches – with 24 per cent of breaches. Healthcare came second with 15 per cent and the public sector third with 12 per cent.

Ransomware now fifth most common type of malware

Some of the report's main findings include:

  • 51 per cent of data breaches analysed for the report involved malware. Ransomware rose to the fifth most common specific malware variety;
  • ransomware – using technology to extort money from victims – saw a 50 per cent increase from last year’s report, and a huge jump from the 2014 DBIR where it ranked 22 in the types of malware used;
  • in last year's report, Verizon flagged the growing use of phishing techniques linked to software installation on a user’s device. In this year’s report, 95 per cent of phishing attacks follow this process. Forty-three per cent of data breaches used phishing, and the method is used in both cyber-espionage and financially motivated attacks;
  • pretexting is another tactic on the increase and is predominantly targeted at financial department employees – the ones who hold the keys to money transfers. Email was the top communication vector, accounting for 88 percent of financial pretexting incidents, with phone communications in second place with just under 10 percent; and
  • 61 per cent of victims analysed were businesses with fewer than 1,000 employees.

Danger of not investing in security

However, the report warns that many companies still rely on out-of-date security solutions and aren’t investing in security precautions. It recommends the following seven steps for companies to safeguard their data:

  1. Stay vigilant - log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defense - train staff to spot the warning signs.
  3. Keep data on a “need to know” basis - only employees that need access to systems to do their jobs should have it.
  4. Patch promptly - this could guard against many attacks.
  5. Encrypt sensitive data - make your data next to useless if it is stolen.
  6. Use two-factor authentication - this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security - not all data theft happens online.

Like this item? Get our Weekly Update newsletter. Subscribe today

Also see

Add a comment

New comment submissions are moderated.