The criminals of today are the same as those of 30 years ago – they just have better weapons. The scale of cyber crime is truly staggering: data breaches in the US exceeded 6 million records in the first half of 2016 alone. Hackmageddon highlights the four key motives behind cyber attacks in 2016. Cyber crime overwhelmingly topped the charts, accounting for 82.7%. The most common target is industry, which is on the receiving end of 22.67% of attacks.
Interestingly, Zero-Day Exploits were the highest vendor at 25.33%. This is alarming because the origin and point of vulnerability in this type of attack is unknown. As such, there are no patches or fixes available. The hackers behind such attacks are using increasingly advanced malware that can go undetected for years.
Small Firms are the Biggest Targets
According to Symantec, small businesses accounted for 43% of all targets of cyber-crime in 2015: an increase of 9% over 2014 and 24% over 2011. Staff responsible for company finance are the most common victims, with malicious emails being used to gain access to personal information and monies. To give you a clearer idea of the magnitude of this problem: 60% of small businesses who sustain a cyber attack close down within 6 months.
Means, Motive and Opportunity
As we have seen, 20% of security breaches are attributable to “insider misuse”. We aren’t talking about taking pens or going through the till when nobody is looking. The type of crime being committed here is selling patient records and stealing birth dates and social security numbers for the purposes of benefit fraud.
Cision found that 90% of cyber attacks are successful because they use information stolen from employees. They suggest that companies invest too much time and money in network security when, in fact, employee identity theft and access exploitation are a much greater risk. Staff are the weakest link in the chain.
So, when you next come to update your security software and revise your protocols, remember: employees are the root cause of 90% of cyber attacks by virtue of being the greatest vulnerability in any organisation’s security.