Beazley, a provider of cybersecurity insurance for businesses, has released a new report detailing the biggest security threats in 2016.
For the report, Beazley analyzed almost 2,000 data breaches experienced by its clients in 2016. The report shows the extent to which ransomware was used to attack U.S. businesses last year. Ransomware attacks on businesses in the United States increased fourfold in 2016.
In 2016, Beazley’s clients experienced more than 200 ransomware attacks. According to Beazley’s calculations, we can expect ransomware attacks to continue to increase in 2017. Attacks on businesses are easy to pull off because cybersecurity defenses are not sufficiently advanced to cope with increasingly sophisticated ransomware variants. Beazley predicts ransomware attacks will double in 2017.
Ransomware gangs are now able to scour networks to determine the most critical assets to encrypt, thereby maximizing the probability of ransoms being paid. The attackers are also able to set ransoms based on the value of files that have been encrypted.
Ransomware attacks may be making the headlines, but for most industry sectors ransomware is far from the biggest data security threat. In fact, the accidental disclosure of data by employees is much more dangerous for companies, according to the report. Accidental disclosures of sensitive information by employees have increased by a third over the course of the past 12 months and accounted for 32% of data breaches tracked by Beazley. In most cases, those breaches involved emails and faxes sent to incorrect recipients and were caused by employee carelessness.
An analysis of data breach types by industry revealed that organizations in education and the financial sector were most affected by hacks and malware. 40% of financial services data breaches and 45% of higher education incidents involved hackers or malware. There was a marked difference in the healthcare industry, where 19% of data security incidents involved hacking or malware. 40% of healthcare data breaches were the result of accidental disclosure of sensitive data. Accidental disclosure was involved in 28% of financial services breaches and 29% of higher education breaches.
The healthcare industry was also extensively targeted by cybercriminals using ransomware. The healthcare industry accounted for half of ransomware incidents over the past 12 months.
While it is not possible to implement defenses to prevent 100% of cybersecurity incidents, it is possible to reduce risk to acceptable levels and mitigate the biggest data security threats. According to Beazley, the most important measures are prevention and breach detection tools, the use of threat intelligence services, conducting risk assessments focused on data security risks, and providing cybersecurity training to managers and employees.
Beazley also strongly recommends developing a breach response plan. It is highly probable that it will be required in 2017.