How can companies remain safe from security breaches when COVID-19 caused a quick pivot from working in a secured office to an at-home environment?
Verizon recently released its yearly Data Breach Investigation Report, highlighting trends in cybersecurity breaches by sector, and financial gain remains the key driver for bad actors.
The 2020 DBIR analyzed 32,002 security incidents, 3,950 of which were confirmed breaches — almost double the 2,013 breaches analyzed in 2019.
The DBIR’s data focuses on major geographies like North American; Asia and the Pacific; Europe, the Middle East and Africa; and Latin America and the Caribbean.
While the study does not get granular by state or region, it does contain data specific to industries like real estate, health care, construction, retail and others.
John Loveland, Verizon’s global head of cybersecurity strategy and marketing, said one of the main reasons for the report is to share information people and businesses can use to prioritize their defenses.
“Sometimes it’s very hard to make sense of what’s likely to happen to me and how I could approach it,” Loveland said. “If you look at the data in your industry, this is the threat I’m most likely to face, here’s the type of data that’s typically compromised, then you can focus on how to prioritize your defenses and get the most bang for your buck.”
The intense pivot to working from home in response to COVID-19 has led to increased vulnerability to cybersecurity threats on the individual level, Loveland said. Because home devices usually have fewer security controls than an employer-issued device, there’s inherently more risk of exposure.
“It could not only affect your computer, but it could also be introduced to the company through virtual private networking,” Loveland added.
This year, Verizon saw a substantial increase in the number of breaches and incidents reported from the health care industry. The number of confirmed data breaches in this sector came in at 521 versus the 304 in last year’s report.
While health care is an extremely vulnerable industry, it has made positive strides in the past, Loveland said. Back in 2017, there was a slew of ransomware attacks that attacked health systems large and small.
“The National Health Service in Britain had to go back to manual patient processing,” Loveland said. “There’s a lot of small hospitals that were affected by ransomware.”
Ransomware is a specific type of malware that prevents user access to a system. For individual users, it typically gets run through an email and then launches itself against the computer, freezing and encrypting data until the user pays a ransom.
Loveland said ransomware took off in 2017 and has since become the predominant attack vector because bad actors don’t have to have to be very tech-savvy to execute such an attack.
“Because it doesn’t require sophisticated hacking, a lot of the people using it are looking for low-hanging fruit,” Loveland said. “They went after everything from large businesses to small mom and pops.”
While health systems have invested heavily in their ransomware protection, those systems are still vulnerable to attack. Given the pace and nature of the industry, it is heavily accident-prone, Loveland said. Anything from leaving one’s system logged on, leaving patient records out or sending patient information to the wrong database constitute an insider threat.
Another big concern that ties to the COVID-19 crisis is the rapid shift to telemedicine over the last three months. According to conversations with health care advisors, Loveland said telemedicine went from 2% to around 60% of their services in that timeframe.
“We think there’s going to be significant vulnerabilities over then next few months,” he said. “It could come from patients trying to access care through telemedicine and they have malware on their computer.”
The 2019 DBIR reported health care had internal breaches (59%) exceeding those perpetrated by external sources (42%), a first for the industry. This year, external breaches are slightly more common at 51%, while breaches perpetrated by internal sources fall to 48%. This still is a small percentage and health care remains the industry with the highest amount of internal bad actors.
Construction is an industry most people don’t think about in terms of cyberthreats, but according to the DBIR, it is a critical industry that generates a great deal of economic growth and helps to sustain the nation’s infrastructure, and with that comes the promise of financial gain for potential bad actors.
“The data that is typically compromised are credentials,” Loveland said. “That’s true for almost all industries. If you think about it, as companies are moving applications very rapidly to the cloud — an external breach is very difficult to pull off because of security — the easiest point for hackers to gain entry is stealing user credentials.”
For all industries, there are two approaches to dealing with threats, Loveland said. One is creating more defenses for ransomware, everything from putting more advanced malware detection on systems to leveraging technology to block sites known to host ransomware.
Verizon recommends its DNS Safeguard, which has a repository of known bad sites. Now, these sites often come in the guise of promising “latest information on COVID-19” or other ways to take advantage of people’s uncertainties.
“This is where we see people particularly vulnerable right now,” Loveland said. “They’re scared. They’re looking for information. They could be waiting on a check, and they’re quick to click links that satisfy that need.”
The other approach is for individuals to make sure their antivirus signatures are up to date and just generally be aware of the threats around phishing and fraud.
“Never underestimate the value in education,” Loveland said.
The full 2020 DBIR is available at enterprise.verizon.com/resources/reports/dbir.