Like a favorite movie that you’ve watched time and time again, the 12th annual Data Breach Investigations Report (DBIR) retains the same charm of past iterations, yet still finds a way to keep us hooked. If this is your first time around and you’re not a diehard cinema cyber security fanatic like us, we have you covered with this synopsis. So, without further ado, welcome to the party, pal!
Summary of Findings
The 2019 Verizon Data Breach Investigation Report covers data collected from 41,686 security incidents, and 2013 data breaches from 73 sources covering 86 countries in 2018. Unsurprisingly, it contains some of the same characters as previous years, but luckily provides the following new information to keep things interesting:
- Though humans are almost always the weakest link, C-level executives are 12x more likely to be targeted for social incidents, and 9x more for social breaches over past reports. What has in the past been a relatively low number of incidents and breaches has grown substantially in the past year.
- Cloud solutions attacks via stolen credentials continue to be an issue as the number of cloud migrations continue to rise. This is not due to lesser security of cloud services, but that forms of attack methods used to gain credentials (e.g., phishing, configuration errors, and credential theft) have been successful.
- Click-through rates of phishing simulations have decreased from 24% to 3% over the past 7 years (good news!). Employees are getting wiser and less apt to click on suspicious items. However, of those that did click, mobile devices proved to be a major factor. This is most likely due to the limited interface providing less information on these devices.
- U.S.- based businesses hit with Business Email Compromise (BEC) or Computer Data Breach (CDB) lost a median of $8,000 and $25,000 respectively. However, of those afflicted with BEC, half recovered 99% of their money.
- Human resource attacks occurred 6x less in 2018 than in previous years. This suggests a correlation with the decrease in W-2 tax scams that accompanied it in the DBIR data.
Who Fell Victim to Breach?
Much like last year’s report, the largest percentage of breach victims came from small- and medium-sized businesses (SMB). Statistically, 43% of breaches involved small businesses (compared to 58% in 2017). These SMBs are often less prepared to combat these security attacks but deal with many of the same threats as their larger counterparts. In a major departure from last year’s report, healthcare breaches made up only 15% of breaches versus 24% in 2017.
Source: Verizon DBIR Executive Summary
Who Conducted Attacks?
What may be the most interesting data on this chart is that over 1 in 3 attacks involve internal actors. This means that out of all breaches that were recorded in 2018, 34% included someone within an organization that facilitated an attack in some way.
Source: Verizon DBIR Executive Summary
Verizon analysts also identified that 1 in 4 breaches are caused by accidentally publishing data to an unintended audience, misconfiguring servers, or incorrectly delivering sensitive information. These factors are all preventable. Internal system checks and other configuration scanning can immensely reduce the risk of accidental disclosure, and external system checks can reduce this even further. Do not discount the ability of even the best individuals to make mistakes. Measure twice, cut once.
The Weakest Link
In 2018, good, old-fashion hacking remained king of the hill in terms of vehicles used for data breaches. What really takes us into Hazzard County is that incidents using social engineering as the attack method have doubled since 2013. Though humans have always been the weakest link in the path to a breach, we are being exploited more than ever. Phishing, the act of utilizing a scam link in an apparently innocent email or other communication, is still the most utilized social engineering technique. However, pretexting, a method in which an attacker develops a dialogue with their victim to gain information, now represents close to 20% of social attacks, increasing the combined attacks to 97% of social breaches.
Source: Verizon DBIR Page 4
Threat Breakdown by Industry
A new addition to the DBIR is a breakdown of threats faced in 2019 by industry. This is highly relevant to any individual working in a cyber security or IT role as it allows one to focus on likely attack vectors and threats that are most commonly associated with certain industries.
When analyzing the table below, it is important to know the difference between a breach and an incident: an incident represents an event that breaks the rules or policy of the organization in which it occurred, while a breach must meet certain state and/or federal regulatory guidelines.
Source: Verizon DBIR Page 8
You're Already A Statistic and Other Key Takeaways
It’s 2019, and on one side or another, you are part of the statistics presented in the DBIR. Hitting 88 miles per hour in your DeLorean can’t turn back time after an incursion, but if you remain vigilant and keep your security top-of-mind, you can reduce the risk of an incident or breach, and manage the impact that it has on your business. Here are a few ways to stay on top of your security:
- Apply Two-Factor Authenication: If you haven’t applied two-factor authentication to every product or service that you work with, you should. It may not be foolproof, but any extra steps added to an attacker’s plan can be a deterrent enough.
- Be Wary of the Inside Man: Nearly 1 in 3 attacks are facilitated by an insider. Restrict access to sensitive data, and ensure that your employees know that everything is visible to you. Following a trust, but verify approach, and have controls in place to detect user behavioral anomalies. This will help prevent this rising attack trend.
- Maintain Social Awareness: Now more than ever, we are likely to be targets of social engineering. Stay vigilant, check emails for any executable files or suspicious links, and ensure that there is a protocol for employees to report any suspected phishing or pretexting attempts.
- Stay Sanitary: A large number of breaches occur due to poor cyber hygiene. Reduce human error by double-checking outward-facing systems, and ensure that there is a strong security baseline to which it can be compared.
- Give Yourself a Fighting Chance: By finding the right security partner to help you with the monitoring, detection, and response aspects of cyber security, you can go a long way to show your due diligence and ensure that you don’t add to the growing list of cyber statistics in the 2020 addition to the DBIR saga.
If this is your first time around with the DBIR, you should be anything but alarmed or worried. If knowledge is power, the annual Verizon DBIR has given us the tools and insights we need to become more resilient in both our personal and professional lives. The industries have shifted slightly over the last few years, but many of the attack vectors remain constant; social engineering, emails, insider threats, and ransomware are all still popular methods for cyber attackers, who will not shift their tactics until they are forced to do so. At Dataprise Cyber, we provide our customers with the people, processes, and technology to detect and respond to even the most sophisticated attacks, and the visibility and telemetry necessary to ensure that their business remains safe, no matter the threat.