Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

research

Ramnit Trojan resumes attacks on European financial institutions

960 640 Stuart O'Brien

The Ramnit banking Trojan has returned to its old hunting ground after recent forays into the e-commerce space,

The discovery follows analysis by F5 Labs and F5’s EMEA-based F5 Security Operations Center (SOC) examining active Ramnit banking Trojan Malware configurations in February and March 2019.

All signs indicate that Ramnit’s authors are —once again—largely targeting financial services websites to coincide with Tax return activity, primarily in Italy.

Ramnit was previously hitting the headlines during the 2018 holiday season for shifting its attack focus to US e-commerce sites1.

In the most recent studied Ramnit sample active in March this year, the Trojan’s authors were primarily focused on financial services and financial tech sites in Italy (40% of all attacks). 9% of attacks were aimed at the UK and 8% at France2. Overall, 70% of all Ramnit targets in March were European, 27% American and 3% were located across the rest of the world3.

Interestingly, while social networking sites made up a smaller portion of targets observed in February and March, some of the biggest social networking platforms in the world were still under fire, including Twitter, Facebook, Tumblr, and YouTube. 

In other notable developments, F5 Labs was able to discover how this March’s Ramnit configurations are continually adapting, including scaling web injection tactics4 to attack websites5. An interesting innovation in this respect entailed going after targets with no link to a specific company or website.

Instead, several words in French, Italian, and English were added to the mix in the hope of catching random websites. Along with the simple word targets, Ramnit also included the name of an Italian Opera and a few misspelled domain names. 

“Ramnit is a persistent banking Trojan that first emerged in 2010 as a less sophisticated form of a self-replicating worm. Today, both its tactics and targets have evolved to include many other industries. It is highly adaptable, as we can see with this recent shift back to the financial sector, as well as its authors’ new attempt to expand the attack surface,” said Roy Moshailov, head of security and malware research, F5 Networks.

“It is critical for banks and financial institutions to implement web fraud protection solutions to protect their customers and to help ease the burden of fraud expenses—especially banks that are actively being targeted. Other industries also need to be aware of attackers’ increasingly clever techniques so they can take similar precautions. The main thing is not to be complacent. Because Trojan malware is typically installed through phishing or malicious advertising, it’s also vital that all organisations to provide security awareness training to employees and clients.”

Image by dawnfu from Pixabay

Cybersecurity’s biggest asset: Why use the cloud?

960 640 Guest Post

The cloud is one of those hot buzzwords that gets thrown around a lot both in the tech world and in our daily lives.

No longer reserved for IT departments alone, the cloud has become something that we depend upon greatly, especially in the way companies go about their business. And it’s about to become even more important.

In fact research shows that companies are looking to drastically increase their investment in the cloud in the coming years. Morphean recently conducted an independent survey of more than 1500 IT decision makers across Europe to discover their views on cloud services. The survey reported:

  • 78% expect their spending on the cloud to increase in the next two to five years
  • 47% said their internal data would be cloud processed within the same time frame
  • 45% said they would definitely consider migrating their physical security systems, such as video surveillance, to the cloud

There’s no doubt that the cloud is becoming a more important part of everyday business dealings, but some people still have reservations about the safety of this storage system, and whether or not it is worth it. We believe it is, and let us tell you why. 

But what exactly is the cloud?

Short for ‘cloud computing’, the cloud is essentially a terrestrial home for your data. So instead of being stored on the computer in front of you, it’s stored somewhere else, or in multiple places, and it is up to a network of servers to take you to it.

Some everyday examples you may recognise include the Apple iCloud, Dropbox, Google Drive, Microsoft OneDrive, and even Netflix.

Is the cloud the future of cybersecurity?

Unfortunately, the cloud has received some negative press in the last few years in regards to security and safety. In fact, according to the Morphean survey, 45% of people cited security risks as being their biggest obstacle to instigating a full move across to the cloud. 

The only way to truly protect your information is to lock it up underground, but you can rest assured that the cloud is far safer than information stored on a local device. Cloud computing services have more complicated security methods in place than the average computer owner can come up with. Any wannabe hackers would then have to get past the cloud system’s first line of defence; encryption.

Encryption is the practice of using complex algorithms to protect your data. In order to get past these algorithms, the hackers would need something called an encryption key. 

But it’s not all down to these intricate and convoluted systems. In fact one of the biggest threats to cloud security is the barriers set by individual people. In other words, easy-to-guess password and security questions. 

Above we talked about negative press aimed at the cloud over the past few years, most notably the infamous Apple hack where celebrities had photos stolen and leaked. The media reported that the cloud had been hacked, which led to a drop in public confidence and has no doubt contributed to people’s existing fears. In reality the cloud itself wasn’t hacked, but rather the accounts of individuals who used the cloud to store their data.  

The truth is that the cloud is incredibly safe and secure, but it’s up to individual users to do their part. That means choosing strong passwords by adding letters, numbers and symbols, using different passwords for different accounts, and avoiding using passwords that relate to your personal life.

But if that’s not enough to convince you of the cloud’s excellent security systems, did you know that online retailing giant Amazon runs its entire business off of its own cloud service, AWS? 

Other benefits of using the cloud

It’s not only the increased security that comes along when you start using the cloud. Here’s a few more that you can expect for your business.

Continuity

No matter what kind of industry you are in, having a continuity plan in place is vital for protecting your sensitive data and systems. Disasters can strike at any time and for a whole multitude of reasons, ranging from the weather and natural disasters to power failures. By having your information stored off-site in the cloud, you can rest assured that it is backed up and protected in a secure and safe location. Even if you have to move office, you will be able to access and download your data from any location with internet, therefore minimising your downtime and avoiding loss of productivity.

Working flexibility

The world is getting smaller. Not literally of course but modern technology is drastically reducing businesses’ needs for a physical office with staff present 100% of the time. The cloud helps to make this even more possible by granting flexibility in staff’s working practices. Once employees are able to access their work from home, on their commute or even on holiday – anywhere with an internet connection – suddenly the whole world is your office.

Scalability

When it’s time to scale your business up, purchasing and installing upgrades to your storage needs can be both expensive and incredibly time consuming. But when you work with the cloud, everything can be done quickly to suit your exact needs. Whoever provides your cloud computer services will be able to handle all upgrades for you, leaving you free to get on with the important task of running your business.

It’s natural for any business owner to be concerned about the safety and security of their important data. Your business is your baby, and you of course want to protect it. The cloud is undoubtedly the best option and as research shows, more and more businesses will be placing their trust in this extraordinary technology, for more than its safety benefits, to further their growth and secure a strong future.

Image by Patricia Alexandre from Pixabay

Survey reveals increasing IT investment in containers

960 640 Stuart O'Brien

87 percent of IT professionals are now running container technologies, with 90 percent of those running in production and 7 in 10 running at least 40 percent of their application portfolio in containers.

That’s up considerably from two years ago, when just 67 percent of teams were running container technologies in production, according to the 2019 Annual Container Adoption Survey from Portworx and Aqua Security.

The report features insights from over 500 IT professionals across a variety of industries and company sizes. The survey, conducted in April and May, asked questions about the state of container usage, tooling, environments and barriers to adoption, to get a snapshot of the container market landscape today and its evolution over time.

Yet despite their pervasiveness, the report highlights that containers aren’t without hurdles: when asked to name their top challenges to container adoption, respondents most frequently cited security (51%), data management (40%) and cross-cloud/multiple cloud support (36%). 

Other Key Findings:

  • Organisations are making bigger investments in containers. In 2019, nearly one in five organisations is spending over $1 million annually on containers (17%). Compare this to just four percent in 2016.
  • Data security tops the list of security challenges with a super majority of respondents (61%) listing this as their top security challenges, followed by vulnerability management (43%) and runtime protection (34%).
  • For the third year in a row, increasing developer speed and efficiency is the primary driver of container adoption with 37 percent of respondents listing it as the top benefit.
  • When asked which team bears the main responsibility for container security, most (31%) named the organisation’s security team, with a joint responsibility or DevSecOps in second place (24%). However, respondents’ own roles influenced their answer, with 47% of DevOps respondents naming DevSecOps as the main owner and 54% of Security respondents named Security as the main owner. 

Download the full 2019 Portworx & Aqua Security Container Adoption Survey Report here.

Digital skills shortages ‘costing UK £63bn a year’

960 640 Stuart O'Brien

A lack of technical expertise has fuelled skills shortages across the UK for the last two decades.

That is according to comparative analysis of the professional jobs market by The Association of Professional Staffing Companies (APSCo).

A 1999 report from University College London said almost half (47%) of all ‘skill-shortage vacancies’ that year could be attributed to a lack of technical expertise.

For ‘associate professional and technical’ roles, the need for ‘advanced IT’ skills was responsible for 31% of vacancies, while a lack of ‘other technical and practical skills’ were responsible for a further 49% of all open roles.

A separate report published the same year by Computer Weekly revealed that C++ developers were the most in-demand professionals with Java the second most sought-after skill in the IT recruitment market.

Now, research from The Edge Foundation suggests that around half of all employers (51%) have been forced to leave a role open because there are no suitable candidates available, and that tech job vacancies are costing the UK economy £63 billion a year.

LinkedIn data indicates that cloud and distributed computing is the most valued skill among employers, with user interface design, SEO/SEM marketing and mobile development also featuring in the top 10.

Commenting on the analysis, Ann Swain, Chief Executive of APSCo, said: “While the specific skills that employers are seeking have changed dramatically over the past two decades, the fact that talent gaps continue to be aligned with technical competencies suggests that we need to do more to boost Britain’s digital capabilities.

“Our members have long reported shortages of talent across the IT and digital fields. For this reason, it is crucial that we ensure that we retain access to the STEM professionals that businesses need in the short term – through maintaining access to global talent and retaining our flexible labour market.

“However, perhaps more importantly, we must pipeline the calibre and volume of skills we need for the future so that we break free from this perpetual skills shortage. As this data indicates, for the past 20 years we have been playing catch-up – and we must break the cycle if individual businesses, and the wider UK economy, are to fulfil their full potential.”

Cyber attacks rise as readiness levels fall

960 640 Stuart O'Brien

A sharp increase in the number and cost of cyber attacks is the key finding in a study of more than 5,400 organisations across seven countries, commissioned by insurer Hiscox.

More than three out of five firms (61 per cent) report one or more attacks in the past year, yet the proportion achieving top scores for their cyber security readiness is marginally down year-on-year.

The Hiscox Cyber Readiness Report 2019 surveyed a representative sample of private and public sector organisations in the US, UK, Belgium, France, Germany, Spain and the Netherlands.

Each firm was assessed on its cyber security strategy and execution, and ranked accordingly. Only 10 per cent achieved high enough marks in both areas to qualify as cyber security ‘experts.’

Among the key findings:

  •    Cyber attacks reach a new intensity:More than three in every five firms (61 per cent) experienced a cyber incident in the past year, up from 45 per cent in the 2018 report. The frequency of attacks also increased. Belgian firms were the most heavily targeted. 
  •    More small and medium-sized firms attacked this year:While larger firms are still the most likely to suffer a cyber attack, the proportion of small firms (defined as those with less than 50 employees) reporting an incident is up from 33 per cent to 47 per cent. Among medium-sized firms (50 to 249 employees) the proportion has leapt from 36 per cent to 63per cent.
  •    Cyber losses soar:Among firms reporting attacks, average losses associated with all cyber incidents have risen from $229,000 last year to $369,000 – an increase of 61 per cent. For large firms with between 250 and 999 employees cyber-related losses now top $700,000 on average compared with $162,000 a year ago. German firms suffered the most, with one reporting a cost for all incidents of $48 million.
  •    More firms fail cyber readiness test:Using a quantitative model to assess firms for their cyber readiness, only one in ten (10 per cent) achieved ‘expert’ status this year, slightly down from 11 per cent in 2018. Nearly three-quarters (74 per cent) ranked as unprepared ‘novices’. There was a sharp drop in the number of larger US and German firms achieving ‘expert’ scores.
  •    Cyber security spending up by a quarter:The average spend on cyber security is now $1.45 million, up 24 per cent on 2018, and the pace of spending is accelerating. The total spend by the 5,400 firms in the survey comes to $7.9 billion. Two-thirds of respondents (67 per cent) plan to increase their cyber security budgets by 5% or more in the year ahead.

Gareth Wharton, Hiscox Cyber CEO, said: “This is the third Hiscox Cyber Readiness Report and, for the first time, a significant majority of firms report one or more cyber attacks in the past 12 months. Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. 

“The cyber threat has become the unavoidable cost of doing business today.  

“The one positive is that we see more firms taking a structured approach to the problem, with a defined role for managing cyber strategy and an increased readiness to transfer the risk to an insurer by way of a standalone cyber insurance policy.”

The study also shows:

  •    Wide disparity in readiness scores: Overall, US, German and Belgian firms score highest on the cyber readiness model, while more than four-fifths of French firms (81 per cent) are in the ‘novice’ category. Along with the Netherlands, France has the smallest proportion of large and enterprise firms that rank as ‘experts’, at 9per cent.
  •    Cost figures skewed by large incidents: Among firms that were targeted by hackers, there has been a sharp rise in the cost of the biggest single incident reported in the past year. The mean cost has jumped from $34,000 to a fraction under $200,000. 
  •    Supply chain incidents now commonplace: Nearly two-thirds of firms (65 per cent) have experienced cyber-related issues in their supply chain in the past year. Worst affected are technology, media and telecoms (TMT) and transport firms. The majority of firms (54 per cent) now evaluate the security of their supply chains at least once a quarter or on an ad hoc basis.
  •    Reasons to be optimistic: The proportion of firms with no defined role for cyber security has halved in the past year – from 32 per cent to 16 per cent – and there has been a marked fall in the number of respondents saying they changed nothing following a cyber incident (from 47 per cent to 32 per cent). New regulation has also prompted action, with 84 per cent of Continental European firms saying they have made changes following the advent of the General Data Protection Regulation (GDPR). The figure for UK firms is 80 per cent.
  •    Rising uptake of cyber insurance: More than two out of five firms (41 per cent) say they have taken out cyber cover in the past year (up from 33 per cent in 2018). A further 30 per cent plan to but only 27 per cent of small firms.

The full report can be accessed here: https://www.hiscox.co.uk/cyberreadiness

Document-based malware increase ‘alarming’

960 640 Stuart O'Brien

Researchers have uncovered what they’re calling an ‘alarming’ rise in the use of document-based malware.

A recent email analysis conducted by Barracuda Networks revealed that 48% of all malicious files detected in the last 12 months were some kind of document. 

More than 300,000 unique malicious documents were identified.

Since the beginning of 2019, however, these types of document-based attacks have been increasing in frequency – dramatically. In the first quarter of the year, 59% of all malicious files detected were documents, compared to 41% the prior year.

The team at Barracuda has taken a closer look at document-based malware attacks and solutions to help detect and block them.

Cybercriminals use email to deliver a document containing malicious software, also known as malware. Typically, either the malware is hidden directly in the document itself or an embedded script downloads it from an external website. Common types of malware include viruses, trojans, spyware, worms and ransomware.  

The Modern Framework for Malware Attacks

After decades of relying on signature-based methods, which could only be effective at stopping a malware strain once a signature was derived from it, Barracuda says security companies now think about malware detection by asking “What makes something malicious?” rather than “How do I detect things I know are malicious?”.

The focus is on attempting to detect indicators that a file might do harm before it is labeled as being harmful.

A common model used to better understand attacks is the Cyber Kill Chain, a seven-phase model of the steps most attackers take to breach a system:

·       Reconnaissance –target selection and research

·       Weaponisation –crafting the attack on the target, often using malware and/or exploits

·       Delivery –launching the attack

·       Exploitation –using exploits delivered in the attack package

·       Installation –creating persistence within the target’s system

·       Command and control –using the persistence from outside the network

·       Actions on objective –achieving the objective that was the purpose of the attack, often exfiltration of data

Barracuda says most malware is sent as spam to widely-circulated email lists, that are sold, traded, aggregated and revised as they move through the dark web. Combo lists like those used in the ongoing sextortion scams are a good example of this sort of list aggregation and usage in action.

Now that the attacker has a list of potential victims, the malware campaign (the delivery phase of the kill chain) can commence, using social engineering to get users to open an attached malicious document. Microsoft and Adobe file types are the most commonly used in document-based malware attacks, including Word, Excel, PowerPoint, Acrobat and pdf files.

Once the document is opened, either the malware is automatically installed or a heavily obfuscated macro/script is used to download and install it from an external source. Occasionally, a link or other clickable item is used, but that approach is much more common in phishing attacks than malware attacks. The executable being downloaded and run when the malicious document is opened represents an installation phase in the kill chain.

Archive files and script files are the other two most common attachment-based distribution methods for malware. Attackers often play tricks with file extensions to try to confuse users and get them to open malicious documents. 

Barracuda says modern malware attacks are complex and layered; the solutions designed to detect and block them are, too.

Detecting and Blocking Malware Attacks

Blacklists  —With IP space becoming increasingly limited, spammers are increasingly using their own infrastructure. Often, the same IPs are used long enough for software to detect and blacklist them. Even with hacked sites and botnets, it’s possible to temporarily block attacks by IP once a large enough volume of spam has been detected. 

Spam Filters / Phishing-Detection Systems —While many malicious emails appear convincing, spam filters, phishing-detection systems and related security software can pick up subtle clues and help block potentially-threatening messages and attachments from reaching email inboxes.

Malware Detection — For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious.

Advanced Firewall — If a user opens a malicious attachment or clicks a link to a drive-by download, an advanced network firewall capable of malware analysis provides a chance to stop the attack by flagging the executable as it tries to pass through.

Majority of British businesses fear disruption to business critical apps

960 640 Stuart O'Brien

Nearly 50 per cent of UK organisations do not prioritise the protection of the applications that their business depend on – such as ERP and CRM systems – any differently than how low-value data, applications or services are secured. 

That’s according to an independent survey was conducted among 1,450 business and IT decision makers, primarily from Western European economies, by CyberArk.

It indicated that the respondents felt that even the slightest downtime affecting business critical applications would be massively disruptive, with 64 per cent of UK respondents agreeing that the impact would be severe.

Despite the fact that half of organisations have experienced data loss, integrity issues or service disruptions affecting business critical applications in the previous two years, the survey found that a large majority (68 per cent) of UK respondents are confident that their organisation can effectively stop all data security attacks or breaches at the perimeter.

This brings to light a what CyberArk says is a ‘remarkable’ disconnect between where security strategy is focused and the business value of what is most important to the organisation. An attacker targeting administrative privileges for these applications could cause significant disruption and could even halt business operations.

The survey also found that 70 per cent of organisations indicated they have moved (or will move within two years) business critical applications to the cloud. A risk-prioritised approach to protecting these assets is necessary in this model as well if this transition is to be managed successfully.

“From banking systems and R&D to customer service and supply chain, all businesses in all verticals run on critical applications. Accessing and disrupting these applications is a primary target for attackers due to their day-to-day operational importance and the wealth of information that resides in them – whether they are on-premises or in the cloud,” said David Higgins, EMEA technical director at CyberArk. “CISOs must take a prioritised, risk-based approach that applies the most rigorous protection to these applications, securing in particular privileged access to them and assuring that, regardless of what attacks penetrate the perimeter, they continue to run uncompromised.”

Government challenges UK boards to up cyber security game

960 640 Stuart O'Brien

Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber attack, according to a government report.

The Government’s Cyber Governance Health Check looked at the approach the UK’s FTSE 350 companies take for cyber security.

The 2018 report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.

That’s despite almost all (96%) having a cyber security strategy in place.

Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.

However, awareness of the threat of cyber attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement of only just over half (54%) in 2017.

The reports says implementation of the General Data Protection Regulations (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last years health check said that board discussion and management of cybersecurity had increased since GDPR. As a result over half of those businesses had also put in place increased security measures.

Digital Minister Margot James said: “The UK is home to world leading businesses but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.

“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”

Ciaran Martin, CEO of the NCSC, said: “Every company must fully grasp their own cyber risk – which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.

“Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.”

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.

Brits ‘more likely’ to change spending habits after a data breach

960 640 Stuart O'Brien

The consequences of a data breach have a greater impact in the UK versus the United States, according to new data.

41% of British consumers said they will stop spending with a business or brand forever following a data breach, compared to just 21% of US consumers.  

The research into consumer trust and spending habits was conducted by payment security specialists PCI Pal, and pointed to some clear cultural differences between the two countries.

The survey found that 62% of American consumers would instead stop spending for several months following a security breach or hack, with 44% of British consumers agreeing the same. 

Over half (56%) of all UK respondents were more reticent to give credit card details verbally over the phone than their American counterparts where it was found that four out of every ten (42%) of US respondents were uncomfortable reading out their details.

US consumers were generally less accepting to provide payment details over the phone with only 15% saying they would “hand over their information, no questions asked”, compared to a quarter of UK consumers. Instead 38% of American’s would ask for an online alternative to complete a transaction, while 32% of Brits said they would “hang up and find an alternative supplier.”

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes to data and payment security between the two countries,” said James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone, yet the US is catching up fast. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to how their data is being captured, processed and stored otherwise customers are not going to wait, and they may find them going elsewhere for their purchase.”

Looking at trust in businesses and brands, 55% of UK respondents felt they could trust a local store with their data more than a national company. They felt a local store was more likely to care about their reputation (30%) and hackers were less likely to target a local store as it is smaller (25%) while only 22% felt a national company would be more secure as they follow more security protocols.

In stark contrast, the reverse was true in the US with only 47% of respondents feeling they could trust a local company more than a national chain. In fact, 28% felt a national company would be more secure as they follow more security protocols, while 25% felt they have more money to invest in security protocols. 

Almost a third (31%) of UK consumers stated that they would spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

What keeps you up at night? It’s users, isn’t it

960 640 Stuart O'Brien

Ninety-two per cent of organisations’ biggest security is concern is users, with 81% having some degree of concern around security issues.

A new report, What Keeps You Up At Night 2019 – commissioned by security awareness training company KnowBe4 – looked at over 350 organisations globally.

The research was carried out against a background in which AI and machine learning are being leveraged by criminal organisations to help them better understand how to improve their attacks, targeting specific industry verticals, organisations and even individuals.

In the results, increases in the frequency of ransomware, phishing and crypto jacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second.

The report says these two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings from the report include: 

• 92% of organisations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement. 

• Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 per cent of organisations are most concerned with data breaches.

• Ensuring security is in place to meet GDPR requirements is still a challenge for 64 per cent of organisations, despite the regulation details being out for quite some time.

• Attackers’ utilisation of compromised credentials is such a common tactic, 93 per cent of organisations are aware of the problem, but still have lots of work to do to stop it. 

• When it comes to resources, 75 per cent of organisations do not have an adequate budget.

“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.”