A study of data breach incidents in 2015 revealed how common business-like cybercrime operations have become. The opportunity to reap significant monetary gains is attracting sophisticated criminals who are turning cybercrime into big business.
Software designed to exploit system vulnerabilities has been accessible on the black market for some time. However, the study's researchers found that enterprising criminals are offering such malware on the cloud as a service. Although the "service" is illegal, it is promoted and sold as if it were legitimate, and, like legitimate "software as a service" products, is updated with the latest exploitable vulnerabilities.
The study also found that data is still the prime target of attackers, with 60 percent of the breaches focusing on payment card data. Greg Masters, "Cyber-crime as a business rampant, new study" (Apr. 22, 2016).
As the above study confirms, large profit opportunities are attracting more criminals with more advanced techniques aimed at breaching an organization’s systems.
In an article we published at the end of last year, "Your Cybersecurity Rests On Your Weakest Link And Your Lawyers", we highlighted a survey from the Association of Corporate Counsel that identified “employee error” as the most common cause of data security breaches.
Consequently, until employers address employee negligence, cybercrime will continue to increase. Employee negligence includes inattentive clicking on suspicious links, failing to keep software up to date, or using weak passwords. Data security is also compromised when employees lose work-related mobile devices or storage media.
Employers must establish cybersecurity training for all employees that emphasizes the significant impact user behavior has on data security. To help employees understand the role they play in securing organizational data, highlight statistics like those from a January 2015 CompTIA study that found human error to be the main cause of 52 percent of security breaches studied.
In addition, training is most effective when conducted on a regular basis. As a result, consider holding monthly or quarterly cybersecurity updates.
Via: Hartford Help