The report found most attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years.
Cyber criminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, according to a recent report from Verizon.The report found most attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years.In fact, the top 10 known vulnerabilities accounted for 85 percent of successful exploits, and 89 percent of all attacks involve financial or espionage motivations."One of the most concerning findings was the fact that 63 percent of data breaches were a result of weak, default or stolen passwords," Ryan Disraeli, co-founder and vice president of TeleSign, told eWEEK. "At TeleSign we know passwords are failing us when it comes to protecting online accounts. In fact, our research shows that 70 percent of consumers no longer trust passwords to protect them, but Verizon’s report makes it clear that online security best practices are not evolving as fast as they should. It’s up to both businesses and consumers to step up their efforts." Disraeli explained more businesses need to start offering (even mandating) additional layers of security like two-factor authentication, which makes it infinitely harder for hackers to attack accounts. And consumers should take advantage of free additional security measures, like 2FA wherever it’s available, to protect themselves and their online lives, he said.One area that has picked up dramatically over the prior year is phishing—where end users receive an email from a fraudulent source.Alarmingly, 30 percent of phishing messages were opened – up from 23 percent in Verizon’s 2015 report – and 13 percent of those clicked to open the malicious attachment or nefarious link.Also worth noting from the report is that Web application attacks climbed to the top spot for data breaches, up 33 percent over prior year, and the vast majority (95 percent) were financially motivated."We believe the next few years are going to see consumer account security evolving to incorporate additional layers of authentication built around real-time intelligence and identity data," Disraeli said. "While passwords will largely remain as the first layer of defense, adoption of additional layers such as two-factor authentication via mobile devices will increase and new security services like behavioral biometrics will begin to rise in popularity due to their ability to provide greater account protection and identity insights, with no additional friction to end-users."He said ultimately, this layered approach will provide businesses with the identity assurance and real-time analytics they need to combat ever-evolving fraud challenges that threaten their own revenues and the security of their end-users.
- eWeek