Out of nearly 160,000 reported cyber incidents affecting businesses in 2017, 93 percent could have been prevented by following basic security measures such as regularly updating software, blocking fake email messages, using email authentication, and training employees, a new report claims.
The overall number of reported incidents nearly doubled 2016's total of 82,000 incidents, according to the Online Trust Alliance (OTA), an Internet Society initiative, which released its 2017 Cyber Incident & Breach Trend Report on 25 January, in advance of Data Privacy Day. For the purposes of its research, OTA defines an incident as any unauthorised action resulting in system or device access, data extraction or manipulation, business disruption, or financial/reputational harm.
Basing its findings on threat intelligence data gleaned from various sources, OTA reports that the majority of data breaches, 52 percent, were the result of actual malicious hacking. The next most common causes were an absence of proper security software (15 percent), credit card skimming (11 percent), a lack of internal controls (11 percent), and phishing attacks (8 percent).
OTA also found that there were 134,000 ransomware attacks on businesses in 2017, compared to roughly half that number in 2016.
“Regular patching has always been a best practice and neglecting it is a known cause of many breaches, but this received special attention in 2017 in light of the Equifax breach,” said Jeff Wilbur, director of the OTA initiative at the Internet Society, in a press release. “In 2018 we expect patches to play an even more integral role due to the recently discovered Spectre and Meltdown vulnerabilities where nearly every computer chip manufactured in the last 20 years was found to contain fundamental security flaws.”