94% of Malware is Delivered via Email
Plus, More Key Findings from the Verizon DBIR Report
Verizon’s 2019 Data Breach Investigations Report (DBIR) reviews real world findings in the area of cybersecurity to provide critical insights about the threats that organizations face.
Data breaches, malware, and phishing attacks can be some of the costliest threats that Central Massachusetts businesses are up against. Because business processes are so dependent on technology, anything that disrupts the IT environment can mean major downtime.
The average cost of a data breach is $3.62 million and approximately 60% of small businesses have to close their doors for good within 6 months of an online attack because they never recover.
Our team has reviewed the Verizon DBIR report to bring you the most valuable insights, along with tips on how to protect your business from the online threats identified.
Key Takeaways on the Biggest Threats That Could Impact Your Business
Online threats are always evolving, so knowing which ones are growing and how to defend yourself is vital. Here’s what the report revealed about cybersecurity weaknesses and what you need to know to shore up your defenses.
Email is Your Biggest Vulnerability
After reviewing real-world data from 41,686 security incidents and 2,013 data breaches, the Verizon report found that a whopping 94% of all malware is delivered by email.
This comes in the form of phishing attacks, which have continued to be a tried and true method to compromise business networks and devices. Phishing has become more sophisticated over the years, using email spoofing and duplicating the logos of well-known companies to fool users.
- User training to identify phishing emails
- Anti-spam and anti-phishing software
- Strong firewall and anti-malware
Social Attacks are a Growing Threat
Phishing attacks aren’t only happening through email, hackers are also using social media as a way to fool users into divulging sensitive information or clicking a malicious link.
33% of data breaches studied included social attacks, which will typically use the direct messaging system of a social media platform like Facebook, LinkedIn, Twitter, etc.
- Don’t allow personal social media use at work
- Instruct employees on how to properly secure their social accounts with privacy settings
Not All Breaches are from Outsiders
34% of data breaches are coming from internal actors, which can be:
- A disgruntled employee
- A negligent employee
- A hacker that’s stolen employee login credentials
Insider breaches are dangerous because they’re more difficult to detect since the perpetrator is using legitimate login credentials to access a company account or system.
- Use two-factor authentication to safeguard logins
- Ensure users have the lowest privilege settings required for their duties
- Deploy credential safeguards that monitor logins (like a cloud access security broker)
You Can’t Trust It Just Because It’s an Office File
Users often trust Office document attachments, like Word and Excel, because they’re familiar. But the macro element in these file formats can turn them into malware delivery vehicles.
Approximately 45% of dangerous file attachments sent in phishing attacks use one of the Microsoft Office file formats.
- Disable macros in Office programs
- Use an antivirus program that scans all file attachments for malware before they can be opened
It’s Not Just Large Organizations That Are Targeted
If you think that no one is going to want to attack your small business and that hackers just go after the “big fish,” you’d be wrong.
Many data breach victims are small businesses. According to the report breach victims were:
- 43% small businesses
- 16% public sector entities
- 15% healthcare organizations
- 10% financial industry entities
Small businesses need to be just as prepared against a data breach as any large enterprise company, and actually more so, because a breach could do much more damage to them proportionate to their business.
- Use cybersecurity best practices
- Regularly review your IT security safeguards for any vulnerabilities
Ransomware is Still Going Strong
Ransomware has settled into becoming one of the main types of malware that hackers use because it creates so much disruption that businesses often pay the ransom just to get back up and running as fast as possible.
Nearly a quarter (24%) of all malware incidents involve ransomware. Ransomware has become so lucrative for cybercriminals that the average payment doubled between 2018 and 2019 to approximately $84,000.
- Regularly backup all your business data (on-premises and cloud)
- Test your data recovery process
- Employ anti-phishing safeguards
Is Your Business Prepared for the Top Cybersecurity Threats?
When was the last time you did a vulnerability assessment of your IT security? Don’t suffer a costly breach, make sure you’re protected! Cleartech Group can review your current safeguards and let you know of any potential weak spots.
Contact us today to schedule your vulnerability assessment. Call us at 978-466-1938 or reach out online.