Cyberespionage most common form of breach

Cyberespionage most common form of breach [Image: djedzura via iStock]

Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and even education, according to the Verizon 2017 Data Breach Investigations Report (DBIR).

Almost 2,000 breaches were analysed for this year's report and it was found that more than 300 were espionage-related, many of which began as phishing emails.

Verizon also found that criminals made even more use of ransomware to extort money from victims, with this year seeing a 50 per cent increase in these attacks compared to 2016. However, despite this increase and associated media coverage surrounding ransomware, the research revealed that many organisations are still relying on out of date security measures and aren't investing in security precautions.

Verizon said that these companies are actually choosing to pay a ransom demand instead of investing in security services that could prevent a potential cyber attack.

George Fischer, president of Verizon Enterprise Solutions, said: "Insights provided in the DBIR are leveling the cybersecurity playing field. Our data is giving governments and organisations the information they need to anticipate cyber attacks and more effectively mitigate cyber risk.

“By analysing data from our own security team and that of other leading security practitioners from around the world, we're able to offer valuable intelligence that can be used to transform an organisation's risk profile."

The report also found that 51 per cent of data breaches analysed involved malware. Ransomware rose to the fifth most common specific malware variety.

Phishing is still a popular tactic used by criminals, according to the report. Verizon found that 95 per cent of phishing attacks were linked to software installation on the victim’s device. Meanwhile, 43 per cent of data breaches utilised phishing, and it is used in both cyber-espionage and financially motivated attacks.

According to the report, smaller companies are also a target. Some 61 per cent of victims analysed by Verizon were businesses with fewer than 1,000 employees.