Human Error is a Top Security Risk in 2022, New Report Shows
A new report from Verizon warns that human error is one of the most frequent causes of ransomware attacks and data breaches.
Human Error is Your Company’s Worst Enemy
Verizon’s latest annual report says organizations and their employees are the weakest links in their own security and the easiest target for cybercriminals. Cyberthreats can result in system compromise, data and time losses, and financial damages.
Researchers found that both security incidents and breaches had seen a massive surge in 2021, and the catalyst seems to be human error.
“The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime,” the report wrote. “From very well-publicized critical infrastructure attacks to massive supply-chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
Ransomware on the Rise
It is no surprise that ransomware is gaining traction amid the war in Ukraine and the COVID-19 pandemic. Attackers prey on human nature to hack their way into larger systems, such as companies.
“This year Ransomware has continued its upward trend with an almost 13% increase–a rise as big as the last five years combined (for a total of 25% this year),” researchers noted.
Ransomware over time in breaches. Source: Verizon
“Ransomware’s heyday continues, and is present in almost 70 percent of malware breaches this year,” they added.
Over time, ransomware families have come and gone and authorities have made great efforts to stop them, but the potential financial gain is so alluring that cybercriminals will not back down anytime soon.
Supply Chain Attacks
According to researchers, supply chain incidents have also risen significantly over the last year. In a supply chain attack, a breach occurs in one system or software and can quickly propagate across organizations with lasting and very damaging consequences.
“For anyone who deals with supply chains, third parties and partners, this has been a year to remember,” they wrote.
Indeed, “supply chain was responsible for 62 percent of system-intrusion incidents this year,” researchers said. In addition, researchers warned that, unlike financially motivated cybercriminals, the actors behind these attacks are often state-sponsored hackers who prefer to “skip the breach and keep the access,” maintaining persistence on the organization’s systems for some time.
This type of attack is particularly dangerous because of its ability to spread from a single company and infect its partners and customers, resulting in a very high number of victims.
Moreover, the breach often isn’t even spotted until long after hackers have gained access to a company’s networks, making it very likely for a data breach and long-term theft to take place.
Error, the Highest Security Risk
The report details two more crucial findings about where the ultimate responsibility lies: human error, whether inside or outside the organization. A small mistake can lead to grave consequences. Researchers found that human error is still a major cause of breaches.
“Error continues to be a dominant trend and is responsible for 13 percent of breaches,” researchers wrote. This finding is mainly due to misconfigured cloud storage, which is usually the responsibility of the staff who set up the system, they added.
Misconfiguration over time in breaches. Source: Verizon
82% of data breaches analyzed in the report in 2021 involved the human element.
“Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” the report wrote.
Educate Your Employees To Minimize Human Error
Many errors that happen today are the result of smart social-engineering techniques deployed by hackers, especially in phishing attacks.
The only way to combat human error is by providing your employees with a solid and comprehensive Security Awareness Training program, such as ours.
Researching the latest phishing trends and strategies and adequately training your employees can be a hassle, so leave it to professionals.
Here are a few perks of choosing ATTACK Simulator:
- Automated attack simulation — we simulate all kinds of cyberattacks.
- Real-life scenarios — we evaluate users’ vulnerability to give company-related or personal data away using realistic web pages.
- User behavior analysis — we gather user data and compile it into extensive reports to give you a detailed picture of your employees’ security awareness level.
- Malicious file replicas — our emails contain malware file replicas, to make the simulation as realistic as it can be.
- Interactive lessons — if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
- Brand impersonation — we impersonate popular brands to make the phishing simulations all the more realistic.
ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.
Threatpost Verizon Report: Ransomware, Human Error Among Top Security Risks
Verizon Data Breach Investigations Report