Cyber incidents targeting businesses nearly doubled in 2017 from 2016, according to a just-released report.
Incidents jumped to 159,700 last year from 82,000 in 2016, according to the report from the Online Trust Alliance (OTA).
OTA found there were 134,000 ransomware attacks on businesses in 2017, nearly double the number in 2016, according to the report. In mid-2017 another type of ransomware attack emerged: the ransom denial-of-service attack (RDoS). In this attack, criminals send an email to domain owners threatening a DDoS attack that will make a website inoperable unless a ransom is paid.
“Surprising no one, 2017 marked another ‘worst year ever’ in data breaches and cyber incidents around the world,” said Jeff Wilbur, director of the OTA initiative at the Internet Society. “This year’s big increase in cyberattacks can be attributed to the skyrocketing instances of ransomware and the bold new methods of criminals using this attack.”
OTA recommends proactive planning for crisis management, forensics specialists and law enforcement, and suggests organizations prepare by setting up a Bitcoin wallet in the event ransom payment is deemed necessary for a given incident.
As in past years, OTA found most breaches could have been easily prevented. It calculated that in 2017, 93 percent of all breaches could have been avoided had simple steps been taken, such as regularly updating software, blocking fake email messages using email authentication and training people to recognize phishing attacks.
Of the reported breaches in 2017, OTA found 52 percent were the result of actual hacks, 15 percent were due to lack of proper security software, 11 percent were due to physical skimming of credit cards, 11 percent were due to a lack of internal controls preventing employees’ negligent or malicious actions and eight percent were due to phishing attacks.
The report pointed out key avoidable causes for incidents:
• Lack of a complete risk assessment, including internal, third-party and cloud-based systems and services
• Not promptly patching known/public vulnerabilities, and not having a way to process vulnerability reports
• Misconfigured devices/servers
• Unencrypted data and/or poor encryption key management and safeguarding
• Use of end-of-life (and thereby unsupported) devices, operating systems and applications
• Employee errors and accidental disclosures – lost data, files, drives, devices, computers, improper disposal
• Failure to block malicious email
• Users succumbing to Business Email Compromise & social exploits