Are hackers really as dangerous as they seem? According to a new report, hackers are so far ahead of current security defenses that “it’s not even a game”.
Instead, these hackers can use strategies that have worked for years. They don’t have to try anything new.
That report comes from Verizon, which performed a benchmark survey of security breaches. The study revealed that criminals have no need to mix up their attack strategies because the same tactics that have worked for years still continue to work.
Security defenses, meanwhile, are stuck in the past and have failed to come up with adequate solutions.
That information was revealed in Verizon’s ninth annual Data Breach Investigations Report (DBIR), which you can read here. That report analyzes security breaches and confirmed data leaks that have occurred over the last year.
In this year’s report, Verizon looked at over 100,000 security incidents and 2,260 confirmed data breaches. The data was drawn from real-world data leaks and security problems experienced at Verizon or one of its 50 contributing partners.
Some of the data comes from the US Secret Service, the European Cyber Crime Center (EC3), UK CERT, and the Irish Reporting and Information Security Service (IRISS CERT). So these aren’t little mom and pop companies being attacked: they’re some of the largest and most information-packed organizations in the world.
Stats Revealed in the Verizon Report
Some of the jaw dropping stats revealed in the Verizon report include:
-Over 99% of attacks compromise systems within days
-80% of attacks compromise systems within minutes of launching the attack
-Two thirds of attacks are able to extract data from the attacked companies within days, while one fifth of the attacks extract data within minutes
-Less than one quarter of breaches were detected while they were taking place, which means most attacks allowed the attackers to get away without detection
-In most cases, the company itself never realizes it has been breached until it receives an alert from a third party (like a security researcher or a law enforcement agency)
-Two thirds of all breaches involve the use of weak passwords or stolen passwords (this is the weakest link in the chain of defense for many organizations)
-Today’s attacks rely on a similar approach: attackers steal credentials, use those credentials to gain access, plant malware, then steal data from the servers using that malware
Phishing is the Number One Attack Strategy
Phishing is as old as the internet: ever since we’ve been able to contact people anonymously online, we’ve seen phishing attacks take place.
Today, most major attacks on companies and organizations involve phishing in some way or another. Phishing remains a huge problem and is a major commonality in breaches.
Nearly one third of phishing emails get opened, and one in ten recipients opens the attachments to that email, according to the Verizon report.
That number is actually higher than it’s been in previous years. That tells us attackers are getting smarter about their phishing emails – or people are getting dumber.
How to Protect Yourself
Today’s hackers often put significant research into their attacks, scanning your LinkedIn page, your social media accounts, and your organization’s history in order to make the emails seem like they came from a real person for a legitimate purpose.
If you want to avoid ransomware, spyware, and malware appearing on your organization’s servers, then you need to educate your employees and use two factor authentication. It’s as simple as that.