Miscellaneous errors accounted for the largest number of data security breaches last year, while ransomware is becoming a more common form of cyber attack, according to Verizon.
The telecom company said in its 2016 Data Breach Investigations Report that miscellaneous errors were at fault for 17.7% of breaches, followed by insider and privilege misuse (16.3%) and physical theft and loss (15.1%).
Errors included improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones. More than a quarter of them involved people mistakenly sending sensitive information to the wrong person.
“Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now,” Bryan Sartin, executive director of global security services for Verizon Enterprise Solutions, said in a news release.
Crimeware accounted for 12.4% of intrusions, with phishing picking up dramatically over 2014. (Crimeware refers to programs meant to automate the theft of information, such as enabling someone to gain access to a person’s banking accounts online.) Thirty percent of phishing messages were opened — up from 23% — and in 13% of those cases, the recipient clicked to open the malicious attachment or link.
Phishing is “an amazingly effective technique and offers attackers a number of advantages such as a very quick time to compromise and the ability to target specific individuals and organizations,” Verizon said.
The median time for the first user of a phishing campaign to open the malicious email was 1 minute, 40 seconds, and the median time to the first click on the attachment was 3 minutes, 45 seconds, according to Verizon.
Ransomware attacks, a form of crimeware that restricts access to an infected computer system and demands the user pay money, increased by 16%, accounting for 39% of crimeware incidents in 2015.
In specific industries, crimeware was one of the three most prevalent forms of attack on financial services companies, along with web app attacks and denial of service, and on utilities, along with cyber-espionage and denial of service.
Compromises of mobile and Internet of Things devices were not a significant problem in 2015, but Verizon warned it is only a matter of time before a large-scale breach occurs.