Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

Verizon 2018 Data Breach Investigations Report: Ransomware still a Top Cybersecurity Threat

cyber 2 responsive default
April 10, 2018

Ransomware attacks are a key cybersecurity threat for global organizations, warns Verizon’s 2018 Data Breach Investigations Report (DBIR). Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for more than 700 incidents. What’s more, Verizon’s analysis show that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.

DBIR analysis also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says George Fischer, president of Verizon Enterprise Solutions. “Verizon gives businesses data-driven, real-life views on the cyber-threat landscape, not only through the DBIR series but also via our comprehensive range of intelligent security solutions and services. This 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime, helping organizations to make intelligent decisions on how best to protect themselves.”

Major findings of the 2018 report include:

  • Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Most importantly, based on Verizon’s dataset it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
  • The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
  • Financial pretexting targets HR: Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 DBIR). Eighty eight of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.
  • Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.
  • DDoS attacks are everywhere: DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place.
  • Most attackers are outsiders: One breach can have multiple attackers and we found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent feature multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”

Sartin continued: “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.”

This year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.

  • Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.
  • Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.
  • Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.
  • Information1 – DDoS attacks account for over half (56 percent) of the incidents within this sector.
  • Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target - personal data is also at risk.

Other industries examined within the report include accommodation and food services; professional, technical and scientific services; and manufacturing and retail.

https://globenewswire.com/news-release/2018/04/10/1467429/0/en/Ransomware-still-a-top-cybersecurity-threat-warns-Verizon-2018-Data-Breach-Investigations-Report.html

KEYWORDS: breaches cyber security cybersecurity incident response ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Doorway to Cybersecurity

    Verizon 2020 Data Breach Report: Money Still Makes the Cyber-Crime World Go Round

    See More
  • Laptop in darkness

    Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

    See More
  • cyber-theft-freepik1170x658.jpg

    Key trends in the Verizon Data Breach Investigations Report

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing