Apr 10, 2018 03:14 PM IST | Source: Moneycontrol.com

HR departments are a big target for cyber criminals: Verizon report

The report found 170 incidents this year compared to 61 incidents last year, and 88 of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns

Neha Alawadhi @alnehaa

Human resource (HR) departments across multiple verticals are a big target for cyber criminals, who seek to extract employee wage and tax data in order to commit tax fraud and divert tax rebates, a study has revealed.

The Verizon 2018 Data Breach Investigation Report (DBIR) has found that pretexting, a social engineering technique that involves creating a false situation to obtain personal information, has increased over five times since last year.

The report analysed 53,000 incidents and 2,216 breaches from 65 countries.

The report found 170 incidents this year compared to 61 incidents last year, and 88 of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns.

“Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line,” said Bryan Sartin, executive director security professional services, Verizon.

“Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization,” he added.

Human behaviour has constantly been flagged as a concern in the spread of malicious cyber and ransomware attacks. A Kaspersky blog, for instance, highlighted how the much-talked-about WannaCry ransomware spread last year, largely because the attackers were able to exploit the human factor, with “non-IT personnel being the weakest link”.

The DBIR 2018 also found that ransomware is the most prevalent variety of malicious software, and was found in 39 percent of malware-related cases examined this year.

“Most importantly, based on Verizon’s dataset it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cyber criminal more profitable with less work,” the report has found.

Amongst industry sectors, education, financial and insurance, healthcare, information and public sector were found to be more vulnerable.

“The reporting rates of cybercrime are very, very low,” said Ashish Thapar, Managing Principal - APAC, Verizon Enterprise Solutions. “With the growing attacks, it is not possible to accurately show where the attacks have originated. There is a need to have data centric security and not data centre security,” he added.

The report suggests applying software patches promptly, encrypting sensitive data, and using two-factor authentication as some of the measures organisations and individuals can take to guard against online threats.