Social engineering attacks are on the rise across numerous industries as cyber attackers increasingly look to deceive in order to scam, according to London re/insurer Beazley’s Q3 2017 Breach Insights report.
The most prevalent cause of data breach during the first nine months of 2017 remains hacking and malware, which amounted to 34% of the total incidents reported to the insurer and reinsurer Beazley.
The above includes cyber extortion, which accounted for 30% of these attacks, says the re/insurer.
However, social engineering attacks accounted for 9% of reported incidents in the opening three quarters of 2017, which translates to 2,013 incidents, up from just 1% of the incidents handled by the firm’s specialist in-house data breach team, Beazley Breach Response (BBR), in the first nine months of last year.
Social engineering attacks are scams that involve deception, explains Beazley. Katherine Keefe, Global Head of its BBR division, commented on the rise of such attacks.
“Social engineering can be quicker, easier and cheaper to implement for cybercriminals than stealing data and can be much more lucrative. As a leading data breach insurer, Beazley is concerned at the rapid development of this trend.
“We are urging our clients to implement tighter security and internal process controls, such as a requirement for dual authorization, and ensure that their employees are fully trained to spot potential attacks in order to reduce the chances of this happening,” said Keefe.
Social engineering attacks target employees’ roles in their companies in an effort to obtain sensitive information or to have money wired to fraudsters. Beazley said that such exploits typically come in one of two forms: W-2 scams, which happen as tax filing deadlines approach, and fraudulent instructions, in which a trusted party is impersonated to cause a payment.
Beazley’s International Breach Response Service Manager, Raf Sanchez, explained how trends in the U.S. are also playing out in Continental Europe and the UK.
“Phishing and social engineering continue to be the main sources of attack, with higher education establishments and the public sector, which often hold the most sensitive and therefore the most valuable data, particularly affected,” said Sanchez.
Beazley reveals that, broken down by industry sector for the first nine months of 2017, social engineering breaches accounted for 18% of incidents reported by professional service firms, 9% for financial institutions, 9% for higher education, and 3% for healthcare organisations.
Looking at each sector more closely, Beazley’s latest breach report shows that for the healthcare sector, 41% of reported breaches related to unintended disclosure, with hacking and malware making up 19% of the total. Data breaches caused by insiders also increased in the healthcare sector, from 12% last year to 15% in 2017.
For higher education institutions, phishing remains the driver of data breaches and this year has targeted payroll systems to divert electronic deposits of wages to fraudsters’ accounts, the report shows.
According to Beazley, the growth of social engineering breaches was very evident in incidents reported by professional services companies, where they accounted for 18% of total reported incidents, with hacking and malware being the most prevalent, at 48%.
Social engineering breaches also represented the fastest growing trend in data breaches reported by financial institutions, jumping to 9% of the total, while hacking and malware attacks accounted for 46% of the total during the first nine months of 2017, compared with 40% in the same period last year.
As the report reveals, cyber risk continues to evolve at a rapid pace, underlining the challenge for insurers and reinsurers to develop innovative yet effective solutions that address the highly changeable and complex demands of the cyber risk transfer space.