Insider threats, human error, ransomware are healthcare's biggest risks, Verizon report says
Ransomware is the most prevalent malicious software in all sectors, found in 39 percent of all malware-related breaches or twice as much as 2017, according to the latest Verizon Data Breach Investigations Report.
It moves from fourth place last year and up from 22nd place in 2014. Hackers are now leveraging the virus to disrupt critical systems instead of a single device to make more in ransoms.
But while ransomware is still a prevalent threat to the industry, healthcare has the most dubious title: The only industry where inside threats outnumber outside threat actors.
More than half of the sector’s breaches (56 percent) were caused by internal threat actors, while 43 percent were caused by external risks. And 24 percent of those internal breaches were caused by misuse. Thirty-five percent were caused by user error.
The report also found a sharp increase in breaches since 2015, with 536 breaches and 750 incidents. Human error was a major factor in these incidents, as well as employees abusing access to systems.
Financial pretexting and phishing incidents cause the majority of these events, with email as the main point of entry. Fortunately, 78 percent of employees on average didn’t fail a phishing test last year, but 4 percent did. And it only takes one to enable a breach.
Also notable was that 87 percent of breaches took minutes or less to achieve; and more than two-thirds of breaches went undiscovered for months or longer.
“[Cybercriminals] don’t need much time to extract valuable data – they usually have much more than they need as it typically takes organizations weeks or months to discover a breach,” the report authors wrote. “In many cases, it’s not even the organization itself that spots the breach, it’s often a third party like law enforcement or a partner. Worst of all, many breaches are spotted by customers.”
The report authors’ recommendations for improving security posture echo the sentiments of most security leaders: defense and response. It’s not just important to build strong defenses that dissuade hackers from continued attacks: organizations also need to be prepared to launch a swift response.
Organizations need to routinely monitor log files and change management systems to detect a security compromise, while training employees to spot signs of an attack, according to the report. Further, organizations need to limit who has access to sensitive data only to those who need it.
“What’s interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom,” Bryan Sartin, Verizon’s executive director of security professional services, said in a statement.
Organizations need a more proactive approach to security, he explained. And they need to better understand the threats, while putting in place solutions to protect themselves.