Exposing the data behind cyber attacks



Cyber-attacks are a widescale problem, affecting both businesses and individuals across the globe. They can have a hugely detrimental impact on both the reputation and running of your business with data breaches potentially resulting in legal battles and negative press. Revealing statistics from Verizon’s 2018 Data Breach Investigation Report (DBIR) show how cyber-attacks have developed in the past year, from hacker motivations to common targets.


The motivations behind cyber attacks

The main motivation behind cyber-attacks is for financial gain, with 76% of all cyber-attacks being financially driven and 13% motivated by espionage.  Other common motives include entertainment, political exposure and personal vendettas. The study showed that 50% of all breaches were carried out by organised criminal groups, with the rest of the culprits comprising of internal actors, partners and lone wolves. Interestingly, 15 attacks which took place in 2018 were masterminded by former employees of the targeted company.


Which industries are most affected?

Small businesses have been worst affected in the past year, making up 58% of all cyber-attack victims. Amongst those heavily affected by breaches were the public sector, healthcare, retail, food and property management.  Making up 24% of all cyber-attacks, the healthcare industry was particularly affected, followed closely by accommodation and food at 15% and the public sector at 14%.


What were the most common attacks?

The most common attack of the past year at 48% was the misuse of stolen credentials obtained through hacking. Just below this was the implementation of memory-scraping malware or ‘RAM scrapping’, which is designed to strike in the split second that your data is vulnerable. The figures involving malware stand at 30% of all attacks. The majority of these attacks took place through the central database.


Which data is affected?

Personal data has been targeted the most in the past year, followed by payment details, medical information, confidential files and credentials.  This data can then be used to hold the business to ransom, damage their reputation, gain money from the press or sold on through other mediums, such as the dark web.


How long does it take to realise you’re a victim?

The statistics revealed that 68% of those affected by breaches didn’t find out that they had been affected until months later.  Often malware can be sat in your system without you noticing any difference, all the while gathering information.


Do I need to retrain my staff?

Whilst it is a good idea to keep your staff updated on good practice when it comes to computer security, it does appear that people are getting pretty good at spotting the more obvious signs of untoward cyber activity. This study revealed that 78% of people didn’t click on a phishing email all year. Unfortunately, only one person is needed to enable hackers access so even if it’s a quick refresher, make sure your employees are security savvy.


What happens if my business does get attacked?

Whilst you can help protect your business through training and a robust security system, just one slip up can result in a cyber-attack. One of the best means of defence can be to take out cyber insurance, which has been specially designed to act as damage control should you fall victim to a cyber-attack. This will cover you for any downtime your business faces, along with areas such as legal fees and reputational damage. Call Aldium Insurance on 0151 353 3886 to find out more.