What You Need to Know About Verizon's 2019 Data Breach Investigations Report

Verizon recently released the 12th edition of its Data Breach Investigations Report (DBIR), and believe it or not, the report illustrates a world in which cybercriminals are still utilizing many common hacking techniques to successfully breach systems and pilfer sensitive data.

In spite of the cybersecurity industry’s failures when it comes to stopping these hackers and bad actors, we are improving our capacity to stop them. This year featured an analysis of 41,686 security incidents — 2,013 of which were confirmed data breaches — a decrease from last year’s more than 50,000 analyzed incidents. Built using real-world data from 73 data sources, both public and private entities, spanning 86 countries worldwide, the 2019 DBIR highlighted the impact cybercrime has on the world, detailing increased costs for businesses around the globe.

What Actions Are Cybercriminals Using?

Cybercriminals continue to use the most common techniques because we, unfortunately, fail to prevent them. Compounding the issue, these techniques are both affordable and effective — this year’s report confirmed that attackers are successfully hacking into companies and governments around the world in fewer than five steps.

According to the report:

  • 52% of breaches featured hacking
  • 33% included social engineering
  • 28% involved the use of malware
  • 15% involved the misuse of authorized privileges

And of those attacks,

  • 69% were perpetrated by outsiders
  • 39% of all attacks are committed by organized criminal groups
  • 23% involved nation-state or state-affiliated actors
  • 34% involved internal actors

The motivation for these attacks? Overwhelmingly, the security landscape was dominated by financially motivated attacks (about 70 percent). And no matter the method or motivation, the majority of breaches (56%) took months or longer to discover. As data breaches continue making headlines around the world, organizations need to develop a better understanding of the threat landscape and how they can better protect both customer and proprietary information.

Who Are the Victims of Cybercrime?

Whether a direct target or a secondary victim as part of a supply chain, everyone is a cyberattack target, and it is only a matter of if not when before an organization becomes a victim.

“No organization is too large or too small to fall victim to a data breach. No industry vertical is immune to attack. Regardless of the type or amount of your organization’s data, there is someone out there who is trying to steal it.”

Alarmingly, the public sector was a prime target for attack as local governments, councils and cities all incurred significant financial costs as a result of ransomware attacks. Closely following the public sector was the healthcare industry, then the financial sector. Cyber espionage is rampant in the public sector, and in seeing nearly 24,000 incidents, 330 of those confirmed data disclosure. Healthcare stands out due to the majority of breaches being associated with internal actors, and incidents resulted in actual breaches at a far higher clip in healthcare. Finally, in spite of ATM skimming’s continued decline, denial of service and use of stolen credentials on banking applications remain common in the financial space.

  • 16% of breaches involved public sector entities
  • 15% of breaches impacted healthcare organizations
  • 10% of breaches included the financial industry

Perhaps most troubling of all, 43% of breaches involved small business victims. This statistic highlights the notion that everyone is a target, no organization is too small to be targeted and if data is valuable to you, it holds value to someone else too.

Other Takeaways

  • C-Level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past.
  • With companies continuing to transition to more cost-efficient cloud-based solutions, their email and other valuable data migrate along with them. As such, there’s been a corresponding increase in hacking cloud-based email servers via the use of stolen credentials.
  • Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches.
  • Ransomware attacks are still going strong, and account for nearly 24 percent of incidents where malware was used.
  • Research shows mobile users are more susceptible to phishing, probably because of their user interfaces and other factors. This is also the case for email-based spear phishing and social media attacks.

The Absolute Best Practice to Prevent Breaches

Implement effective cyber hygiene. Many breaches are still the result of poor security hygiene and a lack of attention to detail.

Verizon’s advice: “Clean up human error where possible, then establish an asset and security baseline around internet-facing assets like web servers and cloud services.”

Beyond using security software and ensuring all of your software and OSs are patched and that you’re effectively managing the deployment of third-party software, use passwords smartly, make sure you’re connecting to secure networks and accessing safe websites.

“The most important defense is knowledge. By gaining perspective, insight and understanding of the threats they face, organizations can take crucial steps to mitigate them.”

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.