Cyberespionage and ransomware attacks are increasing, though the forms of attack vary widely between different industries.

That’s according to Verizon Communication Inc.’s latest annual Data Breach Investigations Report. Data collected for the report, which covered 2016, found that financial and insurance companies suffered six times more breaches from web application attacks versus those in the information services sector, at 364 and 61, respectively. Healthcare organizations reported higher levels of privilege misuse versus manufacturing companies at 104 compared with eight.

Cyberespionage headlines the report, described as now the most common type of attack seen in manufacturing, the public sector and education. That’s thanks to what Verizon claims is a high proliferation of proprietary research, prototypes and confidential personal data. Of the nearly 2,000 breaches analyzed in the report, 300 were espionage-related.

The levels of ransomware are also rapidly growing, with a 50 percent increase over 2015. The report essentially blames the rise of ransomware on lazy organizations, saying that “despite this increase and the related media coverage surrounding the use of ransomware, many organizations still rely on out-of-date security solutions and aren’t investing in security precautions. In essence, they’re opting to pay a ransom demand rather than to invest in security services that could mitigate against a cyber attack.”

In terms of attack vectors, the report found that phishing is growing, with 43 percent of data breaches investigated being attributed to rogue emails, with the method most widely used in both cyber-espionage and financially motivated attacks.

“Once again, the 2017 Verizon Data Breach Investigations Report shines a spotlight into the deep, dark corners where cyber security incidents and breaches lay,” Rapid7 Inc. Chief Data Scientist Bob Rudis told SiliconANGLE. “Social engineering has officially cemented its place in the VERIS Threat Action trifecta, along with hacking and malware, which should be a call to arms for organizations to up their game when it comes to security awareness and anti-phishing tools.”

Rudis wasn’t entirely negative, noting that an increase in the internal breach discovery percentage was a positive. But he said that “much work still needs to be done to reduce the time it takes for organizations to detect malicious events.”

Photo: Pixabay