Cyber criminals double tapping targets, new study reveals

Over the past year, 39 per cent of companies were hit by cyber crime more than once, according to a new Cymulate study.

New data from Cymulate's study titled, Data Breaches Study: Methods, Implications, and Prevention, reveal cyber criminals are targeting businesses and organisations that don't update their cyber security strategies.

The most common attacks are phishing emails targeting end users (56 per cent) that contain malicious links that install malware, or links directing victims to fake login pages that steal usernames and passwords.

The companies surveyed by the Cymulate team revealed they had been victims to malware attacks (55 per cent) and ransomware attacks (40 per cent). Distributed denial-of-service (DDoS) attacks and cryptojacking attacks were other common incidents.

============

The survey also uncovered that vulnerable suppliers could be what allows hackers into the network. As it turns out, malicious cyber actors have been exploiting vulnerabilities in digital supply chains and third-party software connected to the network. The research found that in two-thirds of cases, victims had been attacked again after a 12 months.

The Cymulate team discovered that in some incidents, the same malicious cyber actor would return to attack organisations they had previously victimised, due to the original cyber security weaknesses that had remained unfixed.

The lack of understanding between boardrooms and information security teams are a result of poor communication according to the research.

The more often information security and leadership teams meet to discuss cyber threats and risks, according to the Cymulate researchers, the less likely the company will fall victim to a cyber attack. Those who met most often, at least 15 times a year, didn't suffer security breaches at all.

The Cymulate researchers recommend applying security patches and using multi-factor authentication (MFA) as some of the actionable steps that companies can do to help protect against falling victim to cyber attacks, which include phishing awareness campaigns, setting out an incident response plan and regularly updating offline backups.