{"id":6320,"date":"2021-09-02T22:58:49","date_gmt":"2021-09-02T22:58:49","guid":{"rendered":"https:\/\/contentsecurity.com.au\/?p=6320"},"modified":"2021-09-03T05:10:00","modified_gmt":"2021-09-03T05:10:00","slug":"ransomware-phishing-and-compromised-credentials","status":"publish","type":"post","link":"https:\/\/contentsecurity.com.au\/ransomware-phishing-and-compromised-credentials\/","title":{"rendered":"Ransomware, phishing & compromised credentials: perpetual cyber security hurdles"},"content":{"rendered":"\t\t
The OAIC\u2019s January to June 2021 NDB report showed an overall decrease of 16% in breach notifications compared to the July to December 2020 period. As usual, malicious attacks were the leading source of data breaches (65%), followed by human error (30%) and system fault (5%).
After three years of the NDB report, it is no surprise that health service providers reported the highest number of breaches, accounting for approximately one fifth of all notifications. Finance notified 13% of all breaches, and the Australian Government remained in the top five industry sectors for the second consecutive report, with approximately 7% of notifications.
While the breakdown of breach source varied across each industry sector, 66% of criminal attacks were the result of cyber incidents and 34% could be attributed to rogue employees, social engineering\/impersonation, and theft of paperwork.
Over half of cyber incidents involved external threat actors gaining access to accounts using compromised or stolen credentials, with email-based phishing increasing by 5% in the last reporting period:
Because these threat vectors yield such strong results for cyber attackers, it\u2019s evident that they will be perpetual mountains to climb for years to come. We\u2019ve seen them cripple businesses time and time again, and it\u2019s time to recognise that these are chronic, long-lasting issues that call for continuous protection.
What the NDB report shows us is that having the right controls in place is nothing without having the right knowledge to back it up. While malicious incidents consistently comprise the majority of breaches in the reports, the role human error plays in both criminal attacks and internal breaches should not be downplayed.
As Australian Information Commissioner and Privacy Commissioner Angelene Falk reminds us, \u2018human error remains a major source of data breaches. Let\u2019s not forget the human factor plays a role in many [malicious] cyber security incidents, with phishing being a good example.\u2019
As Proofpoint\u2019s 2021 State of the Phish Report shows, successful phishing attacks lead to more than just data loss \u2013 the results are more often than not ransomware, credential compromise and other malware infection:
If nothing else, this truly emphasises the need for greater staff security awareness training, with a focus on phishing, as well as:
Security awareness is still one of the most effective countermeasures for preventing breaches from these three attack methods, with 80% of organisations attributing a reduction in phishing susceptibility to information security awareness training (ISAT). It is a critical layer of defence-in-depth, helping businesses bolster awareness and therefore protection against phishing, ransomware, malware, and more.
Whether in an ad-hoc or managed capacity, businesses should undertake ISAT to increase staff knowledge and vigilance, particularly around the four areas of focus above. Businesses that implement ISAT equip their people with the right tools and skills to adequately defend against cyber attackers, minimising breaches from both malicious vectors and internal faults.
We\u2019ve developed a Managed Cybersecurity Awareness Program (MCAP) to help businesses promote a culture of awareness and protect their data. To discuss your ISAT needs, please contact our consultants today.
Breach sources
Figure 1. Cyber incident breakdown – all sectors, OAIC Notifiable Data Breach Report January-June 2021
Unfortunately, phishing, compromised credentials and ransomware are here to stay
Phishing, compromised credentials and ransomware are not mutually exclusive
Figure 2. Impacts of successful phishing attacks, Proofpoint 2021 State of the Phish Report
How to jump these perpetual cyber security hurdles?
Content Security\u2019s Cyber Security Awareness Training
About the report