Data breaches due to social engineering are up sharply, says a report published Tuesday by New York City-based specialist insurer Beazley.
The report details data breaches that have been reported to Beazley Breach Response (BBR) Services, the insurer’s unit that helps clients manage such incidents.
Hacking and malware remain the most prominent cause of data breaches, accounting for 34% of total incidents, the insurer says, but hackers are increasingly using social engineering to create data breaches.
Hackers typically use social engineering — scams involving deception — either to gain access to sensitive information, Beazley says in its announcement, or to engineer fraudulent wire transfers.
Social engineering attacks accounted for only 1% of data breaches incidents handled by BBR Services In the first three quarters of 2016, the report notes. This soared to 9% of the 2,013 incidents reported to BBR Services in the first three quarters of 2017.
In the financial sector, hacking and malware attacks accounted for 46% of reported data breaches in the first nine months in 2017, up from 40% for the same period in 2016. Unintended disclosure ranked second, accounting for 25% of incidents in the sector. Social engineering accounted for 9% of breaches among financial institutions.
“Social engineering can be quicker, easier and cheaper to implement for cybercriminals than stealing data and can be much more lucrative. As a leading data breach insurer, Beazley is concerned at the rapid development of this trend,” says Katherine Keefe, global head of BBR Services, in a statement.
“We are urging our clients to implement tighter security and internal process controls, such as a requirement for dual authorization, and ensure that their employees are fully trained to spot potential attacks in order to reduce the chances of this happening,” she adds.
Photo copyright: beebright/123RF