Chubb Corp. reported that small-and-medium-sized companies are targets of cybercriminals as these firms digitally transform their business processes online.
Business Insurance stated that hackers continue to use phishing as their primary means of gaining access to firms’ systems, says a law firm in a data security incident response statement.
Phishing was the attack vector in 37% of the more than 750 incidents that Cleveland-based Baker & Hostetler LLP helped manage in 2018, according to its fifth annual Data Security Incident Response Report, issued Friday.
Phishing “is simple and effective, and it often goes undetected,” says the report. “The most common phishing scenario we saw was a message designed to trick a user into providing Office 365 account credentials,“ the report said.
As more assets are moving into the cloud “where they can be accessed with just a username and password, the importance of using a multipronged approach to address this risk is critical,” the report says.
Phishing was followed closely by network intrusions, with some form of intrusion occurring in 30% of incidents, the report said,
The report also analyzes ransomware, reporting that 91% of the time an encryption key was received when the ransom was paid. The average ransom paid last year was $28,920 according to the report, with $250,000 the largest ransom paid in 2018, although in 2019 three firms had already paid ransoms of at least $1 million.
The report states that while entities feel compelled to be transparent by making an external statement early in an incident’s investigation, “Unfortunately, these early statements are often wrong. Within the first 72 hours of awareness, most entities have not even contained the incident, let alone learned its scope.”
Cybersecurity & Data Protection
The report also states that over the past several years, there has been a split in the types of litigation filed in response to these incidents. As entities have taken measures to reduce incidents involving the loss or theft of unencrypted data, class actions filed over data’s physical theft have decreased and class actions involving criminal attacks on networks have increased, according to the report.
Chubb Corp. stated in a report issued in February that small- and medium-sized entities are particular targets of cybercriminals as these firms increasingly digitally transform their business processes, although there are steps they can take to protect themselves.
Greenwald, Judy. (2019, April 5). Phishing remains most popular cyberattack vector: Report. Business Insurance.
Secure Your Digital Life
Strengthen your first line of defense with Prilock’s Security Awareness Training & Phish Simulation. With gamification lessons, your employees are having fun while learning and retaining how to secure their digital lives. With full reports, you will see their progress. At the completion of training, users take an assessment test to confirm their new knowledge and receive a certification of completion, demonstrating that they understand the best practices to secure data.