This is the tenth year that Trustwave has been publishing their security report, which is based on a careful analysis of their own internal research, data-breach investigations, and reports on international cybersecurity events. In the years since the company’s first report there has been a notable shift: where cybercriminals once cast as wide a net as possible, indiscriminately pursuing weaknesses wherever they could find it, they are now identifying high-value opportunities, carefully assessing vulnerabilities and taking advantage of them.
The 2018 report details the persistent insidious activities of individuals, criminal syndicates, and rogue nations as well. If your role is managing risk in your organisation, you should know:
North American businesses are the top targets – though cybercrime is an international problem, 43% of all data breaches reportedly took place in North America, with the Asia Pacific region following at 30%. A combination of Europe, Africa and the Middle East represented 23% of attacks and Latin America represented 4%.
Retailers are at risk – when identifying the types of businesses that are most frequently targeted, retail leads with 16.7%, while finance and insurance industries are not far behind at 13.1% and hospitality representing 11.9%. Of note was a sharp increase in the number of service providers that were targeted this year. Just two years ago, so few of these types of entities reported breaches that they did not register on Trustwave’s report, where for 2018 they represented 9.5% of comprises. Because these companies can be linked to numerous other targets, these threats are particularly of particular concern.
Organization and preplanning by cybercriminals has increased – careful analysis has revealed that cybercriminals are spending extensive amounts of time searching for vulnerabilities and developing tools with which to exploit them. Some attacks have involved cross-site scripting, SQL Injection, Path Traversal, Local File Inclusion, and Distributed Denial of Service, while others have allowed eavesdropping and command of sensitive information in web applications.
The human element remains the weak link – the most prevalent method of compromising an organization remains human trust. There have been a growing number of executives who have been tricked into authorizing fraudulent financial transactions.
Despite the best efforts of organizations to protect themselves, the number of cyberattacks is expected to continue to increase. Trustwave’s chief marketing officer Steve Kelley said, “As long as cybercrime remains profitable, we will continue to see threat actors quickly evolving and adapting methods to penetrate networks and steal data.”
To protect your organization against the very real impact of cyber crime, it’s essential that you do a thorough risk analysis. Think: what could a data breach cost our business?
– in lost income?
– reputational damage?
– in loss of trust?
– in forensic/investigation costs?
– in notifying customers?
– in legal costs?
– in fines?
As well as risk management in systems and processes, you need to protect yourself against the financial impact – with a robust Cyber Insurance program, tailored to your organization actual risk exposures and areas of work. To discuss your cyber liability insurance needs, get in touch with us today. Get a free quote here, or call us on 646-665-7737.