Verizon’s new Data Breach Investigations Report revealed that legitimate user credentials were used in most data breaches, and the predominant actors in most data breaches were external. Around 63% of the hackers used weak, default, or stolen passwords to conduct data breaches. Hackers also liked to use malware, phishing, and keyloggers to access confidential data. This time around, hackers weren’t after financial gain, as they were in 2013. In 2016 external actors instead preferred to conduct cyber espionage to gather confidential intelligence. Cyber espionage features external threat actors who infiltrate networks to steal confidential information. The actors are usually state-backed cyber attackers, or organized cybercriminal rings.
Cyber espionage was the big concern this year, but 95% of confirmed web attacks were financially motivated. Web attacks encompassed both stolen credentials and attacks via content management systems. The report found that web plug-ins often have vulnerabilities, so companies have to worry about many layers in their web applications. Hackers targeting ecommerce companies tend to go after the web app because of the vulnerability of web plug-ins. Web app attacks increased by 33% in 2015, and were mainly targeted at financial services firms.
Phishing is one of the biggest tactics criminal rings use to conduct cyber espionage, and companies worry that attackers can bypass security devices and gain a foothold on an endpoint in the organization through a remote attack. Companies now have to focus on strong endpoint protection because hackers are targeting end users through phishing scams. Employers should worry that a phishing scam will make their networks vulnerable to malware, especially since malicious software was involved in 90% of the studied cyber espionage incidents last year. The malicious software was delivered to end users by email, web drive-by, or direct and remote installation, highlighting the importance of securing company endpoints.
The best ways to protect your endpoints from threats are:
- Making browser and plug-in updates automatic throughout the network, so attackers can’t exploit security vulnerabilities in web apps.
- Regularly monitoring networks for unauthorized activity and software, so attackers don’t go unnoticed for months while they steal data.
- Using Endpoint Threat Detection and Response security software to secure all endpoint assets, not just what’s running on the network.
Attackers are figuring out how to infiltrate networks and compromise data faster, but victims are still slow to detect a cyber breach. The DBIR found that 82% of attackers were able to compromise victims within minutes, and 67% of the hackers were able to steal data within a few days. About 21% of attackers were able to compromise networks within minutes, but less than 25% of victims were able to detect a cyber attack in a day or less.
Promisec Endpoint Manager (PEM) gives companies the tools they need to keep their networks safe from attacks that target endpoints. PEM offers malware protection to keep companies and organizations safe from security breaches. Cyber espionage is a rising threat to endpoint security, but PEM can keep confidential data secure.