Monday, May 20, 2019
Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.
The Verizon Data Breach Investigations Report (May 8, 2019) analyzed 41,686 cybersecurity incidents, of which 2,103 were confirmed breaches. Of the confirmed breaches, 16% were in the public sector, 15% in health care, and 10% in the financial services and insurance industry. Approximately 43% of the victims were small businesses. The report confirmed that the majority of breaches (69%) were perpetrated by outsiders, whereas a minority (34%) involved internal actors. Twenty-three percent of actors were nation-states or nation-state affiliated; this percentage was highest in the public sector, where cyber espionage accounted for 42% of breaches reported in 2018 (up from 25% in 2017).
Per the 2019 Verizon Report, email remains a popular point of entry for cyberattacks. Compromise of cloud-based email servers accounted for 60% of hacking-related breaches, and the median company received more than 90% of detected malware by email. Mobile devices remain the most vulnerable to hacking, partially due to their smaller, simplified display and the fact that they are often used when people are distracted or multitasking.
In a ..