The number of data breaches in the first quarter of 2017 was 39% higher than in the same period last year, according to the global insurance underwriter Beazley. The figures are based on the number of breaches that Beazley’s Breach Response Service responds to, with the firm reporting that it dealt with 462 incidents in Q1 2016 and 641 in Q1 2017.
Beazley breaks down its figures by the type of data breach, and has identified four growing trends:
- Direct deposit deception
There have been a number of incidents in which criminal hackers use phishing techniques to “infiltrate email accounts and change their direct deposit account details. Once hackers have access to an employee’s email, they request a password reset from the organization’s payroll provider and change the employee’s inbox forwarding rule to send all emails from the payroll provider to the target’s junk email. The hackers then change the employee’s direct deposit bank account details to their own to steal funds.”
Some versions of this scam also involve gaining access to employees’ tax information and filing fraudulent tax returns, similar to the Form W-2 phishing scam, which has become a regular fixture of tax season in the US.
- Ransomware continues to grow
Although the WannaCry pandemic brought ransomware to many people’s attention, it has been growing rapidly over the past two years. The number of ransomware attacks in Q1 2017 was 35% higher than in the same period last year. This follows a 300% rise between 2015 and 2016.
- Hospitals being hacked
Every year, the healthcare industry is responsible for a large number of data breaches, but these are typically the result of unintended disclosure, such as misdirected emails or the improper release of discharge papers. Beazley’s figures suggest the healthcare industry is now more often targeted by criminal hackers. Unintended disclosure is still the biggest contributor by far (accounting for 45% of data breaches), but hacks and malware account for the second largest category of breaches (16%).
- Banks being hacked
Criminal hackers are focusing more attention on banks. Beazley reports that hacks and malware represented 39% of breaches in the banking sector in Q1 2017, equal to the proportion that it made up in Q1 2016. The second leading cause of data breach was unintended disclosure, which made up 31% of breaches in Q1 2017, up from 26% over the same period last year.
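The direct deposit deception sequence described above leaves a detectable trail: an inbox rule that hides mail from the payroll provider, followed by a payroll password reset or a bank detail change. The following is an added example, not code from Beazley or from this article, showing one way to correlate those events; the event schema, field names, folder names and the `payroll.example` domain are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events. The schema and field names are hypothetical,
# not those of any specific mail or payroll product.
PAYROLL_DOMAIN = "payroll.example"  # placeholder for the payroll provider's sender domain
HIDING_FOLDERS = {"junk email", "deleted items"}
FOLLOW_UPS = ("payroll_password_reset", "direct_deposit_changed")
EVENTS = [
    {"time": "2017-03-01T09:02:00", "user": "alice", "type": "inbox_rule_created",
     "match_sender": "noreply@payroll.example", "action": "move", "folder": "Junk Email"},
    {"time": "2017-03-01T09:05:00", "user": "alice", "type": "payroll_password_reset"},
    {"time": "2017-03-01T09:20:00", "user": "alice", "type": "direct_deposit_changed"},
    {"time": "2017-03-02T11:00:00", "user": "bob", "type": "inbox_rule_created",
     "match_sender": "news@vendor.example", "action": "move", "folder": "Newsletters"},
    {"time": "2017-03-02T14:00:00", "user": "bob", "type": "direct_deposit_changed"},
    {"time": "2017-03-03T08:00:00", "user": "carol", "type": "inbox_rule_created",
     "match_sender": "@payroll.example", "action": "delete", "folder": ""},
]

def hides_payroll_mail(ev):
    """True if an inbox rule moves or deletes mail sent by the payroll provider."""
    if ev["type"] != "inbox_rule_created":
        return False
    sender = ev.get("match_sender", "").lower()
    from_payroll = sender.endswith("@" + PAYROLL_DOMAIN)
    hidden = ev.get("action") == "delete" or ev.get("folder", "").lower() in HIDING_FOLDERS
    return from_payroll and hidden

def detect(events, window=timedelta(hours=24)):
    """Return (user, severity, reason) findings in chronological order."""
    findings, rule_time = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if hides_payroll_mail(ev):
            # A rule hiding payroll mail is suspicious on its own.
            rule_time[ev["user"]] = when
            findings.append((ev["user"], "medium", "rule hides payroll mail"))
        elif ev["type"] in FOLLOW_UPS:
            # Escalate when a reset or bank change follows the rule within the window.
            start = rule_time.get(ev["user"])
            if start is not None and when - start <= window:
                findings.append((ev["user"], "high", ev["type"] + " after hiding rule"))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```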
Protect your business
If you’re worried about which parts of your systems are vulnerable to an attack, you should conduct regular penetration tests. Testing is an essential part of any cyber security strategy, helping you establish whether critical processes, such as patching and configuration management, have been followed correctly.
IT Governance is a reputable, certified provider of penetration tests. We offer fixed-price and bespoke CREST-accredited penetration tests to help you prepare for attacks against your information assets.