Latest News - Cybercrime Costs, Ransomware Attacks and Social Engineering

This notice is archived content and this information may no longer be accurate.
T&I Information Security Office

Cybercrime Cost to Hit $2 Trillion in 2019
A study conducted by Juniper Research finds that rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to approximately $2.5 trillion globally by 2019—almost four times the estimated cost of breaches in 2015.  Researchers believe the majority of these breaches will surface from existing IT and network infrastructure. Cybercrime has been exploding for several years now, and a vast number of hacking groups are shifting their focus to mobile and Internet-of-Things devices, which are becoming an indispensable requisite for large businesses.

Ransomware Attack Takes California Hospital Offline
The computers at Hollywood Presbyterian Medical Center were recently down for more than a week after the Southern California hospital was hit by a ransomware attack.  The hospital is working with police and the FBI to discover the identity of the attackers. In a nightmare for any business, but especially a hospital, the network was offline and staffers struggled to deal with the loss of email and access to some patient data.  The hospital's President and CEO, Allen Stefanek, said the situation was declared an internal emergency and admitted emergency room systems were impacted by the malware.  Some patients were transported to other hospitals due to the incident.

Social Engineering Confirmed as Top Info Security Threat
Social engineering became the top attack technique in 2015 for beating cybersecurity, replacing exploits of hardware and software vulnerabilities, according to a study by Proofpoint.  According to researchers, attackers shifted away from automated exploits in 2015.  Instead, they engaged people through email, social media, and mobile apps to do the dirty work of infecting systems, stealing credentials, and transferring funds. Across attacks of all sizes, threat actors used social engineering to trick people into doing things that once depended on malicious code.  Attackers typically use people as “enablers,” tricking them into ignoring or disabling security to install malware, and as “facilitators,” persuading them to hand over valuable system credentials.