A recent report has revealed that humans remain the weakest link in cybersecurity, and it has identified measures to prevent attacks and mitigate damage – including the ever-increasing importance of cyber insurance.
The report incorporated data from 450 breaches in 2016 at companies ranging from $100 million to $1 billion in revenue across insurance, financial services, retail, and other sectors.
According to BakerHostetler’s 2017 Data Security Incident Response Report, companies are vulnerable not only because of rank-and-file employees who get duped by phishing scams, but also because of a false belief that the new technologies they’ve purchased will protect them from all dangers, Computerworld reported.
The report found that phishing, hacking, and malware, at 43%, accounted for the majority of incidents for the second consecutive year, a 12% rise from the firm’s incident response report in 2015. Human error was found to have initiated 32% of incidents, while 23% were initiated via ransomware. A further 18% occurred due to lost or stolen devices, and another 3% were based on internal theft.
Theodore Kobus, leader of BakerHostetler’s privacy and data protection team, said phishing is particularly difficult to stop, because digital natives are programmed to reply to emails fast. They also tend to fall prey to emails that appear to come from their CEO, CFO, or co-worker but, in actuality, contain a malicious payload, the report said.
“Phishing scams are never going to go away,” Kobus said. “No matter what technology we put in place, no matter how much money we spend on protections for the organization, we still have people and people are fallible.”
To address the rise of such social engineering attacks, Kobus urged IT leaders to warn their employees to take their time to consider such emails, and if possible, contact a colleague to verify if they sent the message.
The report also revealed that ransomware attacks have increased by 500% year-over-year, with BakerHostetler responding to 45 such incidents last year. The firm saw several demands in excess of $25,000, almost all of which demanded payment via Bitcoin.
In order to defend against growing cyber threats, Kobus said companies must go back to basics, starting with proper training and planning of cyber defenses, rather than simply buying the latest cybersecurity technology.
Basic security measures, he said, include acquiring an appropriate cyber insurance policy.