The recent release of new data from U.K. cyberinsurer Beazley brings to light what kinds of attacks its customers are experiencing and who’s at risk.
Cyberattacks in the U.K. occurred at an average rate of one per minute in 2019. While so many attacks can appear indiscriminate in nature, cyberinsurer Beazley brings some order to the perceived cyber-chaos, helping U.K. organizations understand the nature of attacks and their targets.
Beazley’s 2020 Breach Briefing covered some of the trends experienced by their customers between 2018 and 2019. According to the briefing:
- Business Email Compromise (BEC) was down slightly (12 percent) in 2019
- Ransomware saw a massive increase of 131 percent
- The top cause of loss (54 percent) was “hacking or malware”
- Healthcare was the most targeted industry (35 percent of attacks)
- Small and Medium Businesses were the largest target (62 percent)
According to Beazley, remote desktop and phishing attacks were the two primary attack vectors. This aligns with previous industry data we’ve seen. As we’ve previously recommended, RDP attacks are best addressed by eliminating Internet-facing access to RDP sessions, using a VPN, and leveraging a third-party remote desktop product.
Phishing requires a layered security strategy, including DNS and email scanning, endpoint-based AV, endpoint detection and response solutions, and – most importantly – Security Awareness Training for your users. The other solutions are designed to detect and stop phishing attacks, but it’s Security Awareness Training that makes users part of the security strategy by teaching them to be mindful of (and spot) suspicious and potentially malicious emails before interacting with them.