Printed from BusinessInsurance.com

Ransomware, phishing attacks escalated in 2017

Posted On: Feb. 20, 2018 10:22 AM CST

An 18% increase in ransomware incidents and a new type of phishing attack are just two of the emerging threats with which organizations had to cope in 2017, according to a Beazley P.L.C. report released Tuesday.

The London-based specialty insurer’s 2018 Breach Briefing, based on over 2,600 data incidents experienced by its policyholders in 2017, says that a new type of phishing attack aimed at changing direct deposit information and potentially opening lines of credit emerged in 2017. Beazley said it handled 54 such incidents in 2017, with more than half — 54% — in the higher education sector. Other sectors included health care, 30%; professional services, 5%; retail, 5%; and manufacturing, 4%. Eighty-four percent hit middle-market enterprises.

Companies can help combat such attacks by using two-factor authentication for external access to all applications, by educating and training employees about phishing, and by enforcing strong password policies, the report said.

Ransomware also remained a major threat, with the number of incidents rising 18% in 2017, the Beazley report said. The health care sector led the way with 54% of attacks, followed by the financial and professional services sectors with 12% each, manufacturing at 7%, and education and retail at 6% each.

Companies can help protect against cyber extortion by training employees on the indicators of ransomware and malware and how to identify phishing emails, hardening network devices with secure configurations, and taking advantage of threat intelligence resources, the report said.

The report also described a rise in sophisticated social engineering schemes that induce an employee to make a wire transfer or other electronic payment to a bank account controlled by the cyber criminal. There was also an increase in W-2-related phishing scams.

Business interruption and contingent business interruption will increase in 2018, the report said.

Manufacturers lost tens of millions of dollars due to the NotPetya malware attacks in 2017, when production lines and deliveries were disrupted or shipping and invoicing were delayed, the report said, adding, “Business interruption from direct attacks is only part of the story. The risk of losses from dependent business interruption continues to increase with the growth of cloud platforms, connected devices and digitization of supply chains.”