RESEARCH TRIANGLE PARK – Human error is by far the biggest reason why cybercriminals are able to breach corporate data systems, according to a new report from IBM. And hackers are shifting their emphasis to ransomware, demanding payments from victims once systems are breached.

IBM says in 2017 that its researchers discovered breaches related to misconfigured cloud infrastructure by 424 percent to a record high. These were due “largely due to human error,” accounting for two thirds of the total.

“Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks,” said IBM’s Wendi Whitmore. “These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach. The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative.”

Whitmore is Global Lead for IBM X-Force Incident Response and Intelligence Services, which released its latest cyber security report on Wednesday.

IBM says ransomware cost firms more than $8 billion last year with “debilitating attacks that were focused on locking critical data instead of compromising stored records.”

IBM found that there actually was a 25 percent drop in the number of records that were breached, down to 2.9 billion from 4 billion in 2016.

However, Big Blue warned that ransomware “reigned” as the biggest threat due to attacks such as WannaCry, NotPetya and Bad Rabbit.

Hit hardest were financial services firm, which suffered 27 percent of these assaults.

The full report is available for download.

IBM operates one of its largest campuses in RTP and employs several thousand people across North Carolina.