Ransomware incidents have surged 50 percent from a year ago, educational institutions are becoming a playground for cyber espionage, and 68 percent of healthcare security threats are internal, according to Verizon's 2017 Data Breach Incident Report (DBIR).
The DBIR is based on data from 65 organizations, 42,068 incidents, and 1,935 breaches in 84 countries.
At a high level, Verizon's DBIR isn't that surprising. One of the recent trends is that cybercriminals have been targeting smaller companies. According to Verizon, 61 percent of data breach victims in the DBIR have less than 1,000 employees.
If you dig deeper in the report, one of the more interesting takeaways is that education is a hotbed for security issues.
The education breakdown includes:
- 455 incidents with 73 confirmed data disclosures.
- Cyber espionage is a leading pattern with external threat actors representing 71 percent of the cases.
- Motives include financial at 45 percent of cases followed by 43 percent. "Fun" accounted for 9 percent.
- Of the data compromised 56 percent of it was personal with 27 percent secrets and 8 percent being credentials.
"We haven't seen the prevalence of attacks we've seen in education until this year. If you look back the attacks make pretty good sense. There are grants, research study and a lot of interesting data in .edu," said Marc Spitler, senior manager at Verizon Security Research.
Healthcare was also a key industry that was targeted. Spitler said healthcare has a bit more visibility into the ransomware epidemic because organizations have to report more due to HIPAA requirements.
Thirty-two percent of the threat actors in healthcare were external with 68 percent internal. As for the motives in healthcare breaches, 64 percent was financial with 23 percent "fun" and 7 percent "grudge." The data most often compromised was medical (64 percent) and personal (33 percent).
In other words, healthcare has its unique security issues. Verizon noted:
Insider misuse is a major issue for the Healthcare industry; in fact it is the only industry where employees are the predominant threat actors in breaches. Interestingly enough, insiders' motives are almost equally divided between financial and fun. This is a product of a lot of sensitive data that may be accessed by legions of staff members containing PII --that is perfect for identity theft-- and medical history (sometimes of friends or relatives), that is very tempting for enquiring minds (that want to know!).
Among other industries, financial and insurance would be primarily hit with denial of services attacks. The motives revolved around financial gain and credentials were the main data compromised (71 percent of incidents).