Analysis: Verizon's Breach Report 2018Organized Cybercrime Now Accounts for 50 Percent of Breaches; Ransomware Attacks Double
Verizon's 11th Annual Data Breach Investigations Report reveals that half of data breaches in 2017 worldwide were orchestrated by organized cybercriminal groups, says Ashish Thapar, managing principal - APJ for Verizon Enterprise Solutions' Threat Research Advisory Center.
DDoS, phishing, ransomware and command-and-control related attacks have emerged as prominent threats, he points out in an interview with Information Security Media Group. And insiders and human error still continue to contribute to a vast majority of breaches, he notes.
Email remains the prominent malware delivery vector, the study shows. Companies are three times more likely to be breached by social attacks than by technical vulnerabilities, Thapar says. And 12 percent of all attacks came from nation-sates and affiliated threat actors, he says (see: Forecast 2018: Nation-States Test Offensive Waters).
"Many organizations feel that they are up against script kiddies - guys who are there for fun, ideological reasons, or bear a grudge," Thapar says. "However, what we are seeing is that organizations are up against very highly resourced, highly funded and very well organized groups. Therefore, it is pertinent today for organizations to up their cybersecurity game."
Thirty seven percent of malware used in attacks was unique - which means it was never used again, he says. Some 39 percent of malware-related breaches involved ransomware, and it now ranks as the top form of malicious software.
The number of ransomware attacks has doubled in each of the last two years, Thapar explains. And ransomware is now shifting from targeting end-user devices to attacking server-class devices, the report shows.
In this audio interview (see player link below image), Thapar discusses:
- 2018 global trends from the report;
- Report methodology and findings;
- Essential takeaways for security professionals.
Thapar is the managing principal for the Asia Pacific and Japan region in the VTRAC team at Verizon Enterprise Solutions. In this role, he is responsible for all customer-facing cyber incident response, digital forensics, electronic discovery and IT investigations. Previously, Thapar was responsible for the business and portfolio management of Verizon's security professional services team in Asia.