You won’t know how you respond to a data breach until it happens – but if you are properly prepared, you can stay one step ahead of data thieves.
According to the 2019 Verizon Data Breach Investigations Report (DBIR), bad actors are almost always stealing data for financial gain.
Here are the top five things you should know about data theft:
5. Your phone makes you susceptible to identity theft
Nearly 20 per cent of clicks in employer-authorised, or 'sanctioned' phishing exercises come from mobile devices.
According to chief technologist of the Avant Research Group Arun Vishwanath there are a couple of factors at play here.
The hardware limitations of mobile devices make it harder to verify email credentials and see the obvious markers of phishing scams, and the way we distractedly use our phones leaves users vulnerable to dodgy emails and instant messages that can nab login info.
“Users often interact with their mobile devices while walking, talking, driving, and doing all manner of other activities that interfere with their ability to pay careful attention to incoming information,” Arun said.
“While already cognitively constrained, on-screen notifications that allow users to respond to incoming requests … further enhance the likelihood of reactively responding to requests.”
4. Card skimming is on the decline
Once the bane of the retail industry, the number of point of sale (POS) intrusions have dropped by more than 50 per cent since 2014.
POS attacks often use card skimming technology or RAM scraping malware.
The DBIR cites EMV chips in debit cards and contactless payments as factors that have limited the effectiveness of POS data breaches.
Given that Australians tend to prefer contactless payment methods, having your card info stolen when you swipe your card will soon be a thing of the past.
But this does not automatically mean your payment information is safe.
There has been a rise in the number of attacks against e-commerce web applications by actors who use spyware to capture data or otherwise exploit vulnerabilities in the system.
3. It is rarely an inside job
There has been a rise in system admin actors causing data breaches, but this should not cause immediate suspicion of IT staff.
“While the rogue admin planting logic bombs and other mayhem makes for a good story, the presence of insiders is most often in the form of errors,” the report reads.
Errors are a common first step in incidents and can cause major breaches down the line.
“Sending data to the incorrect recipients (either via email or by mailed documents) is still an issue,” the report says.
“Similarly, exposing data on a public website (publishing error) or misconfiguring an asset to allow for unwanted guests also remain prevalent.”
All-in-all, 70 per cent of data breaches are perpetrated by outsiders.
2. Ransomware continues to be a problem
After spikes in previous years’ data, the DBIR again reports that ransomware is among the most common form of malware.
Ransomware attacks on Australian businesses remain common, with most businesses choosing to pay the information hostage takers.
By comparison, the current flavour of the month, cryptojacking, barely gets a mention in the DBIR.
“We were at a hipster coffee shop and it was packed with people talking about cryptomining malware as the next big thing,” the report says.
“The numbers in this year’s data set do not support the hype, however, as this malware functionality does not even appear in the top 10 varieties.”
1. Phishing is still king
Yes, the tried and true method of fake login screens was the most frequent action involved in data breaches.
Phishing was present in nearly 80 per cent of cyber espionage incidents and it was identified as a key issue across several industries.
Yet there is some good news on the phishing front.
The click rate for sanctioned phishing exercises dropped to three per cent in 2018 – down from a whopping 25 per cent in 2012 which may be the result of numerous cyber-security awareness programs and heightened media reporting.
The report also recommends to “2FA everything.”
“It is a good idea to deploy multiple factor authentication throughout all systems that support it, and discourage password re-use,” the report says.
“These actions will definitely help mitigate the impact of stolen credentials.”