Beazley reports massive growth in breaches due to social engineering

You know about hacks and you know about malware – but are you paying attention to this major cause of data breaches

Beazley reports massive growth in breaches due to social engineering

Cyber

By Paul Lucas

Cyber, cyber, cyber. It’s not just the topic on the tip of everyone’s tongues, it’s also the topic that is constantly evolving – every time you think you know the answers, the questions seem to change.

For proof look no further than the latest Breach Insights report issued by Beazley earlier today. For all you may know about hacks and malware as major causes of data breaches, it seems that a new threat has emerged – with social engineering rising nine-fold during 2017.

So what’s the idea of social engineering?

In short, fraudsters are preying on employees’ roles in their companies to get hold of sensitive information or to wire transfer money across to criminal recipients. Generally, according to Beazley, these scams can take one of two forms: a W-2 scam, which usually occurs in the months before a tax deadline with targeted emails looking for employees to forward important information; or a fraudulent instruction, in which a fraudster actively impersonates a trusted party – perhaps a payment system vendor or a company executive – in order to prompt a fraudulent payment.

According to the specialist insurer, during the first three quarters of 2016 these forms of attacks only made up about 1% of the incidents it handled. Now they have soared to 9% during Q1-Q3, 2017. Professional services firms are regularly targeted – representing 18% of the total, followed by financial institutions, higher education and healthcare organisations.

“Social engineering can be quicker, easier and cheaper to implement for cybercriminals than stealing data and can be much more lucrative,” said Katherine Keefe, global head of BBR services. “We are urging our clients to implement tighter security and internal process controls, such as a requirement for dual authorization, and ensure that their employees are fully trained to spot potential attacks in order to reduce the chances of this happening.”

Her words were backed by Raf Sanchez, international breach response service manager at Beazley, who noted that trends in the US are making their way to the UK and Europe in general.

“Phishing and social engineering continue to be the main sources of attack, with higher education establishments and the public sector, which often hold the most sensitive and therefore the most valuable data, particularly affected,” he said.


Related stories:
SMEs are targets of cyber breach - Chubb
CFC revamps insurance proposition for tech firms
 

Keep up with the latest news and events

Join our mailing list, it’s free!