Smaller Companies and Education Sector Most At-Risk for Data Breaches
Companies with fewer than 1,000 employees are more likely to be the victims of a data breach, according to Verizon’s 2017 Data Breach Investigations Report. In fact, 61% of corporate data breach victims fit this description.
Another key finding of the report, based on data from 65 organizations, 42,068 incidents, and 1,935 breaches in 84 countries, is that the education sector is proving to be a hotbed of security problems. In this sector, there were 455 cybersecurity incidents and 73 confirmed data disclosures. Many of these attacks (71%) arose from cyber espionage, which is not surprising, as research at universities often brings about potentially lucrative patent opportunities. In fact, financial gains were the largest motivating factor (45%) in attacks on educational facilities. Only 9% of the attacks were launched for “fun.” The breached data included 56% personal information, 27% secret information and 8% credentials.
“We haven’t seen the prevalence of attacks we’ve seen in education until this year. If you look back the attacks make pretty good sense. There are grants, research study and a lot of interesting data in .edu,” said Marc Spitler, senior manager at Verizon Security Research.
The education sector is not the only one at risk. Healthcare has also been targeted, particularly by ransomware attacks, which are up 50% from last year. Ransomware involves hackers infecting systems with malicious software that encrypts files and then freezes a computer or server. To decrypt the information and regain access to their systems, the victim must pay the cybercriminal. The healthcare industry is especially susceptible to these sorts of attacks due to HIPAA regulations.
Of the attacks in the healthcare industry, most (68%) were internal, and motivations included financial (64%), “fun” (23%) and “grudge” (7%). Medical data was most often compromised (64%), and personal data made up 33%.