Verizon released a report on April 27 that found that cybercriminals are now focusing on exploiting "human nature" through phishing and ransomware. The 2016 Data Breach Investigations Report determined that the open rate of phishing messages has increased to 30 percent, up from 23 percent in 2015. Additionally, 13 percent of phishing message readers say they have clicked on malicious attachments and links.
Approximately 63 percent of confirmed data breaches can be linked to the use of weak, default or stolen passwords. Since 2015, ransomware attacks have increased 16 percent.
About 89 percent of all malicious attacks stem from financial or espionage motivations, according to the report. Additionally, cybercriminals appear to be targeting security holes that are already known to users and businesses. The researchers of the report claim that most attacks are simply the exploitation of vulnerabilities that have never been patched.
"You might say our findings boil down to one common theme -- the human element," said Bryan Sartin, executive director of global security services at Verizon Enterprise Solutions. "Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we've known about for more than a decade now. How do you reconcile that?"
In 93 percent of the cases examined by the researchers, it took cybercriminals a matter of minutes to execute their attacks and compromise systems. In 28 percent of the instances analyzed, it took a similar amount of time for cybercriminals to seize disclosed data.
The researchers note that many cybercriminals are now taking a "three-pronged" approach. This involves sending a phishing email with malicious links, downloading malware onto a victim's device, and utilizing personal credentials to log onto third-party websites.
"By knowing their patterns, we can best prevent, detect and respond to attacks," Sartin continued.
Experts recommend utilizing two-factor authentication whenever possible, encrypting personal data, and being aware of what types of attacks are common in specific industries.
"This year's report once again demonstrates that there is no such thing as an impenetrable system, but often times even a basic defense will deter cybercriminals who will move on to look for an easier target," Sartin concluded.