88 of 170 incidents specifically targeted HR staff to obtain personal data of employees.
The human resources team is under serious threat from cyber attackers, according to Verizon's Data Breach Investigations Report (DBIR).
According to the report, which was published in 2017, only 61 incidents were reported, while the number has grown five times since then and around 170 incidents were reported. 88 of these incidents specifically targeted HR staff to obtain personal data for the filing of fraudulent tax returns. The report analysed 53,000 incidents and 2,216 breaches from 65 countries.
The incidents targeting human resources staff have a confidentiality loss associated with them. The data most often coveted in these incidents is salary and other personal information, which is used to file fraudulent tax returns on the employees' behalf so that the refunds are deposited directly into the attackers’ account.
Around 68 per cent of breaches took months or longer to discover, even though in 87 per cent of the breaches data was compromised within minutes or less of the attack taking place.
Even employees are falling victim to social attacks. Financial pretexting and phishing represent 98 per cent of social incidents and 93 per cent of all breaches investigated – with email continuing to be the main entry point (96 per cent of cases).
Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasising the need for ongoing employee cybersecurity education.
The report states that ransomware is the most common type of malware, found in 39 per cent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents.
Verizon’s analysis also shows that attacks are now moving into business-critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests.
Bryan Sartin, executive director security professional services, Verizon, says, “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defence, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organisation.”