The number of cyber attacks and scams is increasing and cyber criminals are working faster and favouring a three-pronged assault on systems.
The latest 2016 Data Breach Investigations Report from Verizon has reported that in 93% of cases it took cyber hackers minutes or less to compromise systems. In 28% of cases data exfiltration also took place within minutes.
The report outlined a three-pronged attacked that is being repeated with great regularity. Many organisations are falling victim to this attack which works as:
- Sending a phishing email with a link pointing to a malicious website or - more often - containing a malicious attachment.
- Malware is downloaded onto an individual's PC and establishes an initial foothold. Additional malware can be used to look for internal information to steal or can encrypt files for ransom. Often malware will steal credentials to multiple applications through key logging.
- Use of the stolen credentials for further attacks, such as logging into third party websites including banking or retail sites.
This year's report once again demonstrates that there is no such thing as an impenetrable system," says Bryan Sartin, executive director of Verizon. "However often times even a basic defence will deter cyber criminals who will move on to look for an easier target.
"The goal is to understand how the cyber criminals operate. By knowing their patterns, we can best prevent, detect and respond to attacks," Sartin said.
The 2016 report reiterates the need for basic tools to hamper the opportunist hacker. It notes that basic, well-executed measures continue to be more important than complex systems. These include:
- Know what attack patterns are most common for your industry. Utilize two-factor authentication for your systems and other applications, such as when logging into popular social networking sites.
- Patch promptly.
- Monitor all inputs: Review all logs to help identify malicious activity.
- Encrypt your data: If stolen devices are encrypted, it's much harder for attackers to access the data.
VoicePlus provides a Managed Monitoring Service for Network and ICT Infrastructure to constantly probe the network checking for weaknesses, malware, and breach activity.