1 𝗧𝗵𝗲 𝗦𝗼𝗰𝗶𝗮𝗹 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿
Cyber criminals impersonating others can fool unsuspecting employees into compromising data. In one case, a spoof email purportedly from the company’s CEO instructs an employee to send a PDF containing employees’ 1099 tax forms for an upcoming meeting with the Internal Revenue Service. The social engineer can obtain Personally Identifiable Information (PII).
Social threats were a factor in just under one-third of confirmed data breaches, with phishing being the tactic used in 92 percent of social-related attacks.1 An email can appear to be from a legitimate sender, but contain a malicious attachment or link that can provide spear phishers with access to banking credentials, trade secrets, and other information.
3 𝗧𝗵𝗲 𝗛𝗮𝗰𝗸𝗲𝗿
Malware poses a serious threat because it can capture keystrokes from an infected device even if employees use strong passwords with special characters and a combination of upper- and lower-case letters.2 Malware poses a serious threat because it can capture keystrokes from an infected device even if employees use strong passwords with special characters and a combination of upper- and lower-case letters.
4 𝗧𝗵𝗲 𝗥𝗼𝗴𝘂𝗲 𝗘𝗺𝗽𝗹𝗼𝘆𝗲𝗲
Employee dissatisfaction poses an insider threat to data. Insider threats accounted for 15% of breaches across all patterns3, and they can be especially difficult for businesses because employees frequently have access to data as well as knowledge of where it is stored.
5 𝗧𝗵𝗲 𝗥𝗮𝗻𝘀𝗼𝗺 𝗔𝗿𝘁𝗶𝘀𝘁
Ransomware has become the fifth most frequent type of malware, up from the 22nd most frequent in the 2014 Verizon Data Breach Incident Report4. Bad actors have been changing codes and using new ransom attack strategies, which has caused a spike in ransomware.