It’s that time again! Verizon recently released its highly anticipated 12th annual Data Breach Investigations Report (“DBIR”), with a valuable data-driven review and analysis of the past year’s major security events. The DBIR is the result of the analysis of more than 41,000 incidents, including 2,013 confirmed data breaches. This information is intended to raise awareness and assist in identifying the security needs of your business. Reflecting on the methods commonly used by attackers can help to better defend against them.
Some particular points that we noticed this year:
- Small businesses account for 43% of businesses subject to attack and covered in the report. 52% of breaches are the result of hacking, following by social attacks and malware.
- As companies continue to progress to more cost-efficient cloud-based solutions, their data may shift along as well. The report shows that there has been a corresponding increase in hacking cloud-based email servers with the use of stolen credentials.
- Phishing simulations fell from 24% to 3% during the past seven years, but 18% of people who clicked on test phishing links did so from a mobile device. Research shows that mobile users are more vulnerable to phishing, spear phishing and social media attacks because of their user interfaces.
- The FBI Internet Crime Complaint Center (IC3) contributed to the DBIR this year with impact data from business email compromise (BEC) and computer data breach (CDB) reports. The average direct losses to threat actors are about $8,000 for BECs and $25,000 for CDBs.
- C-level executives were nine times more likely to be the target of social breaches and twelve times more likely to be the target of social incidents than in years past. To further emphasize the increase of financial social engineering attacks, both security incidents and data breaches that compromised executives rose from single digits to dozens in this report.
bit-x-bit is pleased to have contributed to the DBIR again this year and we highly recommend reviewing the information relevant to your business.
The full report is available on Verizon’s website at: https://enterprise.verizon.com/resources/reports/2019/2019-data-breach-investigations-report.pdf
For those that just want a quick “executive” peek, the executive summary is available here: https://enterprise.verizon.com/resources/executivebriefs/2019/2019-dbir-executive-brief.pdf