Security attacks are rising in sophistication and effectiveness

An annual cross-industry survey by Verizon shows that the sophistication of cyberattacks from outside the walls of institutions continues to rise, and the results can be particularly devastating to healthcare organizations.

Phishing email attacks continue to be effective gambits for hackers, as does “pretexting,” a form of social engineering used to obtain sensitive information for a false reason. Pretexting and phishing represent 98 percent of social media-related attacks and 93 percent of all investigated breaches.

While about 78 percent of people did not submit critical information during any phishing attack in the last year, the survey found that at least four percent of people were fooled by more than one phishing campaign, and a criminal only needs one victim to get access to the network of a healthcare organization or other type of business.

Ransomware continues to flourish and was used in 39 percent of malware-related data breaches in Verizon’s investigation. Attackers now target business-critical systems and encrypt file servers, databases and human resources departments, inflicting more damage and commanding larger ransom demands.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director of security professional services at Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. Providers are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom. The cybercriminal is the only winner here.”

This is the Verizon building at 1095 6th Avenue in New York, as seen from the Rainbow Room atop NBC studios in Rockefeller Plaza, July 26, 2004. Photographer: Rick Maiman/Bloomberg News.

The Verizon research found that healthcare employees remain the largest data security threat to provider organizations, outstripping risks from outside attackers. In fact, healthcare is the only industry segment in which internal actors caused a higher percentage of cyberattacks (56 percent) than external actors (43 percent).

Verizon’s research covered accommodation, food services, manufacturing, retail, and professional, technical and scientific services, as well as healthcare.

Across all industries, 68 percent of breaches took two months or longer to be discovered. Even so, hackers are working more quickly to access data, with Verizon research showing that 87 percent of the breaches had data compromised within minutes or less of an attack taking place.

“Companies need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on a brand, reputation and the bottom line,” Sartin warns. “Employees should be the first line of defense rather than the weakest link in the security chain.”

In addition to improving the defensive posture of employees, Verizon offers several other steps to reduce cyber exposure:

  • Stay vigilant by using log files and change management systems that give an early warning of a breach.
  • Keep data on a “need to know” basis. Only employees needing access to information systems to do their jobs should have it.
  • Patch vulnerabilities promptly, as this practice can guard against many types of attacks.
  • Encrypt sensitive data, making it useless if stolen.
  • Use two-factor authentication software to limit damage that can be done with lost or stolen credentials.
  • Don’t forget physical security because not all data theft happens online.