Spring has finally arrived, and once again we look back at last year’s security incidents and data breaches. Verizon recently released its annual Data Breach Investigations Report (“DBIR”) and, as always, it is filled with interesting attack patterns, analysis and a recap of major events. The DBIR covers more than 53,000 incidents and 2,216 confirmed data breaches, and it can serve as an educational tool for your business and inform security decisions going forward. Studying the methods and means the bad actors use, especially within different verticals such as healthcare, retail, and manufacturing, allows us to raise the bar and increase our chances of avoiding the next attack and breach. A few points that quickly jumped out to us are:
- Small businesses account for 58% of businesses subject to attack and covered in the report. Yes, the Anthem, Alteryx, Deloitte and Equifax breaches may grab headlines, but the fact is most breaches affect the businesses that many would regard as off the radar, and those are small businesses.
- The top vector for malware is email at 92%, which may not be the most surprising, but the next related one probably is to many.
- The top file types and malware delivered to your inbox as the “first stage” are:
  - JavaScript – 37.2%
  - VBScript – 20.8%
  - Windows executable – 14.8%
  - Microsoft Office (.docx, .xlsx, .pptx, etc.) – 14.4%
  - Other – 7.0%
  - PDF – 3%
Once the malware is in and executed, the second-stage malware is unpacked/downloaded and then the real disaster begins. Do you have controls other than “anti-virus” in place to help mitigate these threats?
- Ransomware made up 39% of identified malware cases, and at least 37% of malware hashes (the unique identifier for a piece of malware) appear once and are never heard from again. The important takeaway here: it is trivial for a bad actor to have “custom malware” all the time.
- Problematically, 68% of breaches took months or longer to discover. Your business likely has rules and alerts to stop bad things from coming in, but can you detect whether your data is leaving the business too?
bit-x-bit is pleased to have contributed to the DBIR this year and we highly recommend reviewing the points that cover your business.
The full report is available on Verizon’s website at: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf.
For those that just want a quick “executive” peek, the executive summary is available here: https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf.