decrypting myths
and the detrimental
effect a breach can have
on brand, reputation and
the bottom line. Employees
should be a business’ first
line of defence, rather than the
weakest link in the security chain.
Ongoing training and education
programmes are essential, such as
role-specific training to users that are
targeted based on their privileges or
access to data.
5. Share information to
break the silence associated
with cybercrime
Verizon has always prided itself on
sharing information on cybercrime and
threat patterns; this is one of the key
factors behind the publication of our
annual DBIR. We believe that only by
sharing cybercrime information can
companies and governments effectively
combat cyberthreats. This year, DBIR
data gathered from around the world
was made accessible to information
security practitioners in order to
get them to understand the evolving
threats they face. The Verizon DBIR
Interactive tool, an online portal, enables
organisations around the globe to
explore the most common DBIR incident
patterns from the report.
represent 98% of social incidents and
93% of all breaches investigated in the
2018 DBIR – with email continuing to
be the main entry point (96% of cases).
Companies are nearly three times more
likely to get breached by social attacks
than via actual vulnerabilities.
Ali Neil – Director of International Security
Solutions at Verizon
4. Educate employees so they
know of the ongoing dangers
Employees are still falling victim to social
attacks. Financial pretexting and phishing
www.intelligentciso.com
|
Issue 07
More importantly, we have seen
pretexting incidents increasing over
five-fold since the 2017 DBIR, with 170
incidents analysed this year (compared
to just 61 incidents in the 2017
DBIR). Eighty-eight of these incidents
specifically targeted HR staff to obtain
personal data for the filing of fraudulent
tax returns. This clearly demonstrates
the need to continue to invest in
employee education about cybercrime
It is our intention that this sharing of
information continues, now and in the
future. We hope that companies will
continue to proactively share information
on breaches as time progresses. Barriers
are already lowering, as businesses
discover that there is more to be learned
from sharing than from sitting in silence.
These are just initial steps towards
developing a security strategy that is
based on actionable data insights and
intelligent security solutions. Continuing
to evolve security according to today’s
threat landscape is critical. The security
landscape will continue to evolve and
we all need to work together if we’re
going to be able to keep one step
ahead of the cybercriminal. u
79