February 22, 2018 by Jason Contant
Cyber insurer Beazley is expecting an increase in cyberattacks that lead to business interruption, especially due to the growth of cloud platforms and connected devices in the workplace.
On Wednesday, Beazley released its 2018 Breach Briefing outlining the types of cyberattacks that affected its clients in the United States last year. Of the 2,600 data breach incidents it investigated, more than one-third (36%) were from hacks or malware, followed by accidental disclosure (28%). Insider threats and social engineering accounted for 10% each, followed by those on portable devices (7%), physical loss/non-electronic records (6%), unknown/other (2%) and payment card fraud (1%).
Among the report’s highlights, more than half (55%) of fraudulent wire instructions affected small- and medium-sized businesses. Of these incidents, 21% were in the financial services sector.
Last year, Beazley Breach Response (BBR) Services, the insurer’s in-house breach response team, reported a sharp increase in the number of sophisticated social engineering schemes, frequently taking the form of business email compromises. In fraudulent instruction attacks, a cybercriminal uses compromised email credentials to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by the cybercriminal.
Among the tips to protect an organization from fraudulent instruction attacks, Beazley recommends to:
“Criminals are intent on stealing data or extorting cash and their methods are becoming more sophisticated by the day,” Katherine Keefe, global head of BBR Services, said in a press release. “Wherever weaknesses exist – in systems, processes or simple human fallibility – every organization regardless of sector and size is vulnerable.”