Verizon 2019 Data Breach Report

Data breaches continue to make headlines around the world. Seemingly, no matter what defensive measures security professionals put in place, attackers are able to circumvent them.  

Nearly 70% of cyber-attacks are perpetrated by outsiders but 345 of these attacks involve internal employees/staff and almost 40% involve criminal groups and some 23% involve Nation States.

However, the C-suite, who have access to a company’s most sensitive information, are now the major focus for social engineering and cyber-attacks.

No organisation is too large or too small to fall victim to a data breach. Having a sound understanding of the threats you and your peer organisations face, how they have evolved over time, and which tactics are most likely to be utilised can prepare you to manage these risks more effectively and efficiently.

The Verizon Data Breach Investigations Report (DBIR) provides, an important, perspectives on threats that organisations face. The 12th DBIR is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide.

Key Takeaways

Senior Executives:  C-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past. To further underline the growth of financial social engineering attacks, both security incidents and data breaches that compromised executives rose from single digits to dozens in this report.

Cloud Hacking: As companies continue to transition to more cost- efficient cloud-based solutions, their email and other valuable data migrate along with them. Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.

Consequently, there’s been a corresponding increase in hacking cloud-based email servers via the use of stolen credentials. This is not an indication that cloud- based services are less secure, however. It is simply that phishing attacks, credential theft and configuration errors are a natural by-product of the process.

Payment Card Breaches:  Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber- Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way.

Ransomware:  Ransomware attacks are still going strong, and account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high-pro le target in the mix.

However, it is still a serious threat to all industries. Meanwhile, some other threats that are frequently hyped, such as crypto-mining (2% of malware), occur very infrequently in our data set.
 
Chip and Pin: The number of physical terminal compromises in payment card-related breaches is decreasing when compared to web application compromises. This may be partly due to the implementation of chip and pin payment technology starting to show progress.

HR Improvements:  Interestingly, attacks on Human Resource personnel have decreased from last year. Our data set showed 6x fewer Human Resource personnel being impacted this year compared to last. This correlates with W-2 tax form scams almost disappearing entirely from the DBIR data set.

Click- Through Rates: Click-through rates on phishing simulations for data partners fell from 24% to 3% during the past seven years. But 18% of people who clicked on test phishing links did so on mobile devices.

Research shows mobile users are more susceptible to phishing, probably because of their user interfaces and other factors. This is also the case for email-based spear phishing and social media attacks.

Verizon

You Might Also Read:

SMEs Risk Costs Of Up To $2.5m Following A Breach:

 

 

« ‘Chinese Spies’ Had NSA Cyber Weapons Before The Shadow Brokers Leak
Hackers Don't Only Target Big Business »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

MixMode

MixMode

MixMode's PacketSled platform delivers network monitoring, deep forensic analysis and incident response.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Otorio

Otorio

OTORIO delivers industrial cybersecurity and digital risk-management solutions and services. We help our customers to keep their revenue-generating operations resilient, efficient, and safe.

Blacksands

Blacksands

Blacksands is a leader in network architecture, identity & services management, threat analysis, industrial IoT architecture, and invisible dynamic networks.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Synoptek

Synoptek

Synoptek is a global systems integrator and managed IT services provider (MSP). We offer comprehensive IT management and consultancy services to organizations worldwide.

Pulsar Security

Pulsar Security

Pulsar Security is a team of highly skilled, offensive cybersecurity professionals with the industry's most esteemed credentials and advanced real-world experience.

Dial A Geek

Dial A Geek

Dial A Geek are a Bristol-based B Corp that provides Managed IT Services to companies of 20+ users. We help businesses with a smart use of tech, including compliance and cybersecurity solutions.