Post written by
Alexander Polyakov
CTO and Co-Founder at ERPScan. President of EAS-SEC. SAP cybersecurity evangelist. Speaker. Trainer. Geek.
Time has shown that no single measure can guarantee a company’s cyber immunity. Nonetheless, forewarned is forearmed, and it is essential to understand the trends and tendencies that malefactors have followed so far.
Several research papers on attack statistics now make it possible to draw certain conclusions. One of them is Verizon’s well-known Data Breach Investigations Report, which was published in mid-2017 and covers hundreds of attacks that took place in 2016. Another document, which emphasizes the division by industry, is one we at ERPScan put together called the Industry-Focused Data Breach Report 2018. Both reports analyze the main attack trends in various spheres of activity and consider the main triggers that may lead to a breach.
What Types Of Attacks Do Hackers Carry Out?
The main types of threats are espionage, sabotage and fraud. In espionage, an attacker targets critical data, which can include any important information about a company. In 2017, it became the most widespread type of threat, occurring in 44% of all cases. The number of stolen credentials surpassed 14 million accounts. In the case of fraud, attack techniques are aimed at directly obtaining money. An average breach “price” amounted to some $5.5 million last year. Sabotage implies causing any type of downtime. A common form of sabotage in 2017 kept sites offline for 2 days; espionage and sabotage were performed with almost the same frequency.
What Are Hackers’ Primary Targets?
One of my objectives is to bring into sharp focus the fact that industry division plays a crucial role in revealing attack tendencies. Specific attack trends have formed in different industries over the space of a few years. For a better understanding, let’s separate all the main fields of activity into three categories according to the frequency of incidents within them.
Organizations that are considered leaders in influencing society occupy first place. By these, I’m referring to the media, government, public administration and IT. Among the victims in media are such famous enterprises as Facebook, HBO and YouTube.
Both the Verizon and ERPScan reports agreed on putting finance, retail, health care and educational organizations in the middle of the frequency list. Since companies in these sectors typically store financial and customer data, they must recognize how tempting a target they are for hackers and make evident improvements in their systems’ protection. But these security measures are still insufficient.