Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Ransomware and Privilege Misuse Named Common Attack Patterns in 2017 Verizon Data Breach Investigations Report

May 26, 2017

  • Blog
  • Archive

Now in its 10th year, the  2017 Verizon Data Breach Investigations Report (DBIR) has been released and its findings provide insight for organizations seeking to improve their cybersecurity strategy to protect critical systems and valuable data from today’s threats.

The research found that 81% of hacking-related breaches leveraged either stolen and/or weak passwords, with 75% perpetrated by outsiders and 51% involving organized criminal groups Additionally, crimeware and insider/privilege misuse were defined as common attack patterns used by cybercriminals.

According to the report, the use of ransomware continues to soar – 73% percent of all breaches in 2016 were financially motivated. Ransomware surged in the healthcare industry from the 22nd most common type of malware in 2014 to the fifth most common in 2016. In total, 72% of all healthcare malware attacks in 2016 were, along the lines of the recent and highly publicized WannaCry.  Outdated methods of protecting sensitive information could be contributing factors and, according to the findings, many of the security issues that occurred in the healthcare industry could have been prevented.

The report reveals that the most significant change to ransomware in 2016 was the shift away from infecting individual consumer systems toward targeting vulnerable organizations. Having third-party access controls in place and policies that promote corporate cyber safety to employees and vendors will be critical for organizations moving forward.  In addition, securing insider access will be just as important. Bomgar’s recent Secure Access Threat Report revealed that while many organizations need to allow a myriad of internal and external parties to access their sensitive data and systems, they are often placing too much trust in employees and third-party vendors and do not adequately manage and control their access.

As cyberattacks continue to evolve, organizations should implement a layered security approach. Here are some quick takeaways for organizations to bolster their security efforts and avoid critical mistakes: 

  • Manage and control privileged access to systems – Implement a policy of ‘least privilege’, granting access to users based on their needs, job roles, or functions. Don’t forget about third-party contractors and vendors, and service or help desks who are often granted more privileges than they require.
  • Implement multifactor authentication – Ensure users are who they say they are by requiring multifactor authentication to access any privileged system.
  • Review policies and train people regularly – Technology can help make security easier, but it’s just one aspect of the entire solution. Make sure that each employee or contractor is regularly educated on cyber security best practices.
  • Monitor, record and analyze behavior – Create and track an audit trail for all privileged user activities, and review for anomalies or strange behavior.  

What solutions do you have in place for providing secure access to your organizations systems and networks? Check out Bomgar’s secure access solutions that help organizations worldwide securely support the systems and users who need them, without sacrificing productivity.

Stacy Blaiss

Director, Product Marketing

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.