Ransomware attacks are a key cyber security threat for global businesses, according to Verizon’s 2018 Data Breach Investigations Report (DBIR).
The research found that ransomware is the most common type of malware, having been discovered in 39 per cent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents.
Ransomware has begun affecting business critical systems rather than just desktops. This has resulted in criminals demanding higher ransoms. Verizon said this makes the life of a cyber criminal more profitable with less work.
In addition, Verizon said its analysis revealed that attacks are now moving towards business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.
The firm said it also found a shift in how social attacks, including financial pretexting and phishing, are being used by criminals. According to Verizon, these kinds of attacks, which continue to infiltrate organisations via employees, are now increasingly a departmental issue.
Financial pretexting and phishing now represent 98 per cent of social incidents and 93 per cent of all breaches investigated, with email still the main entry point (96 per cent of cases).
Companies are also now nearly three times more likely to suffer a breach through social attacks rather than via actual vulnerabilities, which emphasises the need for ongoing employee cyber security education.
Analysis has shown that HR departments are now being targeted in an attempt to extract employee wage and tax data, allowing criminals to commit tax fraud and divert tax rebates.
George Fischer, president of Verizon Enterprise Solutions, said: “Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies.”