Cyber-criminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and are increasing their reliance on ransomware, according to a recent report from Verizon.
The report found most attacks exploit known vulnerabilities that have never been patched despite patches being available for months or even years.
In fact, the top 10 known vulnerabilities accounted for 85 percent of successful exploits, and 89 percent of all attacks involve financial or espionage motivations.
"One of the most concerning findings was the fact that 63 percent of data breaches were a result of weak, default or stolen passwords," Ryan Disraeli, co-founder and vice president of TeleSign, told eWEEK. "At TeleSign, we know passwords are failing us when it comes to protecting online accounts. In fact, our research shows that 70 percent of consumers no longer trust passwords to protect them, but Verizon's report makes it clear that online security best practices are not evolving as fast as they should. It's up to both businesses and consumers to step up their efforts."
Disraeli said more businesses need to start offering (even mandating) additional layers of security such as two-factor authentication, which makes it more difficult for hackers to attack accounts.
And consumers should take advantage of free additional security measures, such as two-factor authentication, wherever it's available to protect themselves and their online lives, he said.
One area that has picked up dramatically over the prior year is phishing, in which end users receive an email from what they believe is a trusted but actually is a fraudulent source.
Alarmingly, 30 percent of phishing messages were opened—up from 23 percent in Verizon's 2015 report—and 13 percent of those clicked to open the malicious attachment or nefarious link.
Also worth noting from the report is that Web application attacks climbed to the top spot for data breaches, up 33 percent over prior year, and the vast majority (95 percent) were financially motivated.
"We believe the next few years are going to see consumer account security evolving to incorporate additional layers of authentication built around real-time intelligence and identity data," Disraeli said. "While passwords will largely remain as the first layer of defense, adoption of additional layers such as two-factor authentication via mobile devices will increase and new security services like behavioral biometrics will begin to rise in popularity due to their ability to provide greater account protection and identity insights, with no additional friction to end users."
He said this layered approach ultimately will provide businesses with the identity assurance and real-time analytics they need to combat ever-evolving fraud challenges that threaten their own revenues and the security of their end users.