C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report

  • C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
  • Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a web application.
  • One quarter of all breaches still associated with espionage.
  • Ransomware attacks still strong, accounting for 24 percent of the malware incidents analyzed and ranking #2 in most-used malware varieties.
  • 12th edition of the DBIR includes data from 73 contributors, the highest number since launch.
  • Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.

NEW YORK, May 08, 2019 (GLOBE NEWSWIRE) — C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.

“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities” comments George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.

“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”

A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.

This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.

Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”

Major findings in summary

The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include:

  • New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
  • Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
  • Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
  • Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
  • Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
  • Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.       

Putting business sectors under the microscope

Once again, this year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.

“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” comments Sartin.

Industry findings of note include:

  • Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
  • Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
  • Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
  • Public Sector: Cyber-espionage rose this year – however, nearly 47 percent of breaches were only discovered years after the initial attack.
  • Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.

(More findings on all individual industries may be located in the full report.) 

More data from highest number of contributors ever means deeper insights

“We are privileged to include data from more contributors this year than ever before, and had the pleasure of welcoming the FBI into our fold for the very first time,” adds Sartin. “We are able to provide the valuable insights from our DBIR research as a result of the participation of our renowned contributors. We would like to thank them all for their continued support and welcome other organizations from around the world to join us in our forthcoming editions.”

This is the 12th edition of the DBIR and boosts the highest number of global contributors so far – 73 contributors since its launch in 2008. It contains analysis of 41,686 security incidents, which includes 2,013 confirmed breaches. With this increase of contributors Verizon saw a substantial increase of data to be analyzed, totaling approximately 1.5 billion data points of non-incident data.

This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.

The complete Verizon 2019 Data Breach Investigations Report as well as Executive summary is available on the DBIR resource page. Any organization wishing to become a DBIR contributor should contact dbir@verizon.com for further information.

About Verizon’s security services and solutions
Verizon is a leader in delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, and energy and transportation sectors. Verizon combines powerful intelligence and analytics with an expansive breadth of professional and managed services, including customizable advanced security operations and managed threat protection services, next-generation commercial technology monitoring and analytics, threat intel and response service and forensics investigations and identity management. Verizon brings the strength and expert knowledge of more than 550 consultants across the globe to proactively reduce security threats and lower information risks to organizations.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated revenues of $130.9 billion in 2018. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company’s media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon’s corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact to society.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at www.verizon.com/about/news/. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Verify by Visa Rebrands to Visa Secure

VerifiedbyVisa is designed to make online purchases with your Visa credit card even more secure. Visa announced via the merchant business news digest March 28, 2019 the Verified by Visa (VbV) program name will be rebranded to Visa Secure. Visa Secure uses 3DS, the industry-wide e-commerce authentication standard.

Existing VbV marks will be replaced with a Visa Secure badge across consumer-facing merchant and issuer channels, while all 3DS authentication screens will simply display the Visa logo.

verified by visa
Old Verified by Visa logo
Visa Secure logo
New Visa Secure logo

Visa developed the 3-D Secure standard—currently branded for Visa cardholders as Verified by Visa— to provide merchants and issuers a way to authenticate the cardholder for card-not-present payments.

Starting 1 October 2019, merchants must use the new badge and messaging whenever EMV 3DS technology is used.

Contact At Once! and AdvantageTec Become LivePerson Automotive And Launch End-to-End Conversational Commerce Platform for Automobile Sales and Service

ATLANTA, Jan. 25, 2019 /PRNewswire/ — LivePerson, Inc. (Nasdaq: LPSN) announced today that its automotive division, including Contact At Once! and AdvantageTec, will use its new moniker LivePerson Automotive at the National Automobile Dealer’s Association (NADA) conference in San Francisco this week. Contact At Once! and AdvantageTec, two leading industry messaging solutions, have combined forces with their parent company LivePerson to deliver an end-to-end customer lifecycle conversational commerce platform that connects consumers through messaging to the whole dealership—from sales to service.

“I’m excited about the LivePerson Automotive branding because it sets the stage for where we want to take our dealer, manufacturer and advertising partners, and it reinforces yet again that we know this industry puts relationships first,” says Denise Chudy, general manager of LivePerson Automotive. “We are still the same great companies our customers are used to working with, but this serves as a reminder of the added strength, scale and know-how we bring with the industry’s most widely deployed automotive messaging platform, an innovative DMS-integrated service texting solution and the depth and breadth of LivePerson’s technologies…all working for you.”

LivePerson Automotive’s conversational commerce platform can connect consumers with their dealership through all the steps involved in buying and owning a vehicle. “Our key differentiation is our ability to make the shopping process conversational from just about any advertising point or messaging channel and then carry that connection into servicing the car and building a loyal relationship,” adds Chudy. “From initial research to digital retailing steps, service updates and payments, dealers and consumers are continuously connected with LivePerson Automotive.”

Andy Costello, General Manager of BMW of San Rafael who is a Contact At Once! and AdvantageTec customer, points out that consumers really like the experience too. “Our customers are very happy to get updates, schedule appointments, approve repair orders, and even pay—all through a messaging conversation,” says Costello. “CAO! Connect helps us create more conversations with shoppers from the moment they start looking, and AdvantageTec helps us turn those car buyers into lifelong customers.” 

Learn more exciting updates for LivePerson Automotive and our consumer lifecycle conversational commerce platform at NADA 2019 in San Francisco, January 24 – 27 (Booth 6831W) or by texting us at +1 404-850-9297.

ABOUT LIVEPERSON AUTOMOTIVE
LivePerson Automotive, formerly Contact At Once! and AdvantageTec, helps create satisfying connections and build relationships between consumers and automotive companies to enable better experiences when they’re shopping for or getting vehicles serviced. LivePerson Automotive is the industry’s leading provider of messaging platforms with over 17,000 businesses using our solutions to enable conversational commerce, from brands to retailer sites, via online advertising, in-app messaging, social media and more. For more information, visit www.liveperson.com/solutions/automotive.

ABOUT LIVEPERSON, INC.
LivePerson makes life easier by transforming how people communicate with brands. Our 18,000 customers, including leading brands like Citibank, HSBC, Orange, and The Home Depot, use our conversational commerce solutions to orchestrate humans and AI, at scale, and create a convenient, deeply personal relationship — a conversational relationship — with their millions of consumers. For more information about LivePerson (NASDAQ: LPSN), please visit www.liveperson.com.

MEDIA CONTACT
Jennifer Sutton
LivePerson
PR (at) liveperson.com

SOURCE LivePerson, Inc.

3DMERCHANT NOTE: We offer AdvantageTec products, including integrated with virtual terminal and payment gateway for express customer checkout. Saves time and money. With 3-D Secure, the cost of accepting credit cards remotely is virtually the same as card present in most cases, and merchants are also protected from “it wasn’t me, I didn’t authorize” fraud. Contact us for Liveperson text, chat, and click and pay solutions.

Elavon Acquires CenPOS, Enhancing Elavon’s Digital Capabilities, Integrating Payments into CenPOS Software

MINNEAPOLIS–(BUSINESS WIRE)–Elavon, a global payments provider and subsidiary of U.S. Bancorp, has acquired CenPOS, a Miami-based company offering integrated payment software solutions to large enterprises.

“More and more, businesses are choosing their payment provider based on the software solutions they use to manage other parts of their operations. With this acquisition, customers of both companies will benefit from the strengths and opportunities these organizations offer in important industry segments.”

CenPOS focuses on three industry verticals: automotive, travel and entertainment (T&E), and general business-to-business transactions, which aligns well with Elavon’s strengths. In addition, CenPOS’ distribution strategy and product capability complement Elavon’s assets, all of which make the two entities an excellent fit.

Increasingly, business owners expect that the software packages they use to run their businesses will come with payments acceptance and processing embedded in the software offering. Elavon is paving a way to future growth by integrating with these software packages.

“Elavon recognizes the tremendous potential we have to bring greater value to our customers by integrating with software companies like CenPOS,” said Jamie Walker, CEO of Elavon. “More and more, businesses are choosing their payment provider based on the software solutions they use to manage other parts of their operations. With this acquisition, customers of both companies will benefit from the strengths and opportunities these organizations offer in important industry segments.”

“The CenPOS team is elated to join Elavon,” said Jorge Fernandez, CEO, who cofounded CenPOS with German Gonzalez. “Elavon’s suite of payment products, coupled with the stability and array of financial offerings from U.S. Bank, gives CenPOS an unparalleled competitive edge in the market. Likewise, CenPOS’s technology brings new market expertise to Elavon’s current technology solutions.”

U.S. Bank has a long history in payments, with scale and deep experience that offer a unique value to customers. Elavon accepts and processes payments on behalf of more than a million businesses in the United States, Canada, Mexico and Europe. Adding CenPOS to the U.S. Bancorp family will provide even greater scale and payments capabilities.

The acquisition closed on January 8, 2019. Financial terms of the deal were not disclosed.

Elavon provides end-to-end payment processing solutions and services to more than 1.3 million customers in the United States, Europe, Canada, Mexico, and Puerto Rico. As the leading provider for airlines and a top five provider in hospitality, healthcare, retail, and public sector/education, Elavon’s innovative payment solutions are designed to solve pain points for businesses from small to enterprise-sized.

U.S. Bancorp, with 74,000 employees and $465 billion in assets as of September 30, 2018, is the parent company of U.S. Bank, the fifth-largest commercial bank in the United States. The Minneapolis-based bank blends its relationship teams, branches and ATM network with mobile and online tools that allow customers to bank how, when and where they prefer. U.S. Bank is committed to serving its millions of retail, business, wealth management, payment, commercial and corporate, and investment services customers across the country and around the world as a trusted financial partner, a commitment recognized by the Ethisphere Institute, which named the bank a 2018 World’s Most Ethical Company. Visit U.S. Bank at usbank.com or follow on social media to stay up to date with company news.