Kevin Thomas

Verizon Releases 2020 Data Breach Investigations Report

While we see articles and posts on the state of cybersecurity all the time, the Verizon 2020 Data Breach Investigations Report has some great insight and information that should help you become more aware, plan future strategy, and justify budget and resource allocation to protect your business.

Here are some key takeaways from the report:

1. Many believe shady Internal actors to be the most common cause of breaches, but the DBIR data continues to show that External actors are—and always have been—more common. In fact, 70% of breaches this year were caused by outsiders.

2. Espionage gets the headlines but accounts for just 10% of breaches in this year’s data. The majority (86% of breaches) continue to be financially motivated. Advanced threats—which also get lots of buzz—represent only 4% of breaches. Credential theft, social attacks (i.e., phishing and business email compromise) and errors cause the majority of breaches (67% or more). These tactics prove effective for attackers, so they return to them time and again. For most organizations, these three tactics should be the focus of the bulk of security efforts.

3. Ransomware now accounts for 27% of Malware incidents, and 18% of organizations blocked at least one piece of ransomware. No organization can afford to ignore it. Oh, what a tangled web application: Attacks on web apps were a part of 43% of breaches, more than double the results from last year. As workflows move to cloud services, it makes sense for attackers to follow. The most common methods of attacking web apps are using stolen or brute-forced credentials (over 80%) or exploiting vulnerabilities (less than 20%) in the web application to gain access to sensitive information.

4. Personal data is getting swiped more often—or those thefts are being reported more often due to disclosure regulations. Either way, Personal data was involved in 58% of breaches, nearly twice the percentage in last year’s data. This includes email addresses, names, phone numbers, physical addresses and other types of data that one might find hiding in an email or stored in a misconfigured database.

5. This year’s DBIR saw a high number of internal-error-related breaches (881, versus last year’s 424). While people are certainly still far from perfect, this increase is likely due to improved reporting requirements because of new legislation and changes in existing law rather than insiders making more frequent mistakes.

6. Security tools are getting better at blocking common malware. The DBIR data shows that Trojan-type malware peaked at just under 50% of all breaches in 2016 and has since dropped to just 6.5%. Malware sampling indicates that 45% of malware is either droppers, backdoors or keyloggers. Although this kind of threat is still plentiful, much of it is being blocked successfully.

7. Less than 5% of breaches involved the exploitation of a vulnerability. In our dataset, we do not see attackers attempting these kinds of attacks that often; only 2.5% of security information and event management (SIEM) events involved exploiting a vulnerability. This finding suggests that most organizations are doing a good job at patching—so keep it up. However, while patching does seem to be working, poor asset management can hide big problems. Most organizations we see have internet-facing assets spread across five or more networks. It’s the forgotten assets that never get patched that can create dangerous holes in your defenses.

Finally, credential theft, errors and social attacks are the three most common culprits in breaches. Employees working from home could be particularly vulnerable to these attacks. In these uncertain times, it makes sense to focus prevention efforts here.

Get the full report by visiting: https://enterprise.verizon.com/resources/reports/dbir/