94% of Malware is Delivered via Email

Plus, More Key Findings from the Verizon DBIR Report


Verizon’s 2019 Data Breach Investigations Report (DBIR) reviews real world findings in the area of cybersecurity to provide critical insights about the threats that organizations face.

Data breaches, malware, and phishing attacks can be some of the costliest threats that Central Massachusetts businesses are up against. Because business processes are so dependent on technology, anything that disrupts the IT environment can mean major downtime.

The average cost of a data breach is $3.62 million and approximately 60% of small businesses have to close their doors for good within 6 months of an online attack because they never recover.

Our team has reviewed the Verizon DBIR report to bring you the most valuable insights, along with tips on how to protect your business from the online threats identified.

Key Takeaways on the Biggest Threats That Could Impact Your Business

Online threats are always evolving, so knowing which ones are growing and how to defend yourself is vital. Here’s what the report revealed about cybersecurity weaknesses and what you need to know to shore up your defenses.

Email is Your Biggest Vulnerability

After reviewing real-world data from 41,686 security incidents and 2,013 data breaches, the Verizon report found that a whopping 94% of all malware is delivered by email.

This comes in the form of phishing attacks, which have continued to be a tried and true method to compromise business networks and devices. Phishing has become more sophisticated over the years, using email spoofing and duplicating the logos of well-known companies to fool users.

Protection Methods:

  • User training to identify phishing emails
  • Anti-spam and anti-phishing software
  • Strong firewall and anti-malware

Social Attacks are a Growing Threat

Phishing attacks aren’t only happening through email, hackers are also using social media as a way to fool users into divulging sensitive information or clicking a malicious link.

33% of data breaches studied included social attacks, which will typically use the direct messaging system of a social media platform like Facebook, LinkedIn, Twitter, etc.

Protection Methods:

  • Don’t allow personal social media use at work
  • Instruct employees on how to properly secure their social accounts with privacy settings

Not All Breaches are from Outsiders

34% of data breaches are coming from internal actors, which can be:

  • A disgruntled employee
  • A negligent employee
  • A hacker that’s stolen employee login credentials

Insider breaches are dangerous because they’re more difficult to detect since the perpetrator is using legitimate login credentials to access a company account or system.

Protection Methods:

  • Use two-factor authentication to safeguard logins
  • Ensure users have the lowest privilege settings required for their duties
  • Deploy credential safeguards that monitor logins (like a cloud access security broker)

You Can’t Trust It Just Because It’s an Office File

Users often trust Office document attachments, like Word and Excel, because they’re familiar. But the macro element in these file formats can turn them into malware delivery vehicles.

Approximately 45% of dangerous file attachments sent in phishing attacks use one of the Microsoft Office file formats.

Protection Methods:

  • Disable macros in Office programs
  • Use an antivirus program that scans all file attachments for malware before they can be opened

It’s Not Just Large Organizations That Are Targeted

If you think that no one is going to want to attack your small business and that hackers just go after the “big fish,” you’d be wrong.

Many data breach victims are small businesses. According to the report breach victims were:

  • 43% small businesses
  • 16% public sector entities
  • 15% healthcare organizations
  • 10% financial industry entities

Small businesses need to be just as prepared against a data breach as any large enterprise company, and actually more so, because a breach could do much more damage to them proportionate to their business.

Protection Methods:

  • Use cybersecurity best practices
  • Regularly review your IT security safeguards for any vulnerabilities

Ransomware is Still Going Strong

Ransomware has settled into becoming one of the main types of malware that hackers use because it creates so much disruption that businesses often pay the ransom just to get back up and running as fast as possible.

Nearly a quarter (24%) of all malware incidents involve ransomware. Ransomware has become so lucrative for cybercriminals that the average payment doubled between 2018 and 2019 to approximately $84,000.

Protection Methods:

  • Regularly backup all your business data (on-premises and cloud)
  • Test your data recovery process
  • Employ anti-phishing safeguards

Is Your Business Prepared for the Top Cybersecurity Threats?

When was the last time you did a vulnerability assessment of your IT security? Don’t suffer a costly breach, make sure you’re protected! Cleartech Group can review your current safeguards and let you know of any potential weak spots.

Contact us today to schedule your vulnerability assessment. Call us at 978-466-1938 or reach out online.