The Verizon 2019 Data Breach Investigations Report (DBIR) has been released. This report is built on the analysis of over 41,000 security incidents and breaches. The report can help organizations to understand the threat landscape; how it is changing and evolving.
There are 9 incident classification patterns where the report will focus. In addition, there are subsets of data to further identify and study. Aside of malware based threats there is the evolution of financially motivated social engineering (FMSE).
The full report is about 80 pages but is easy to read and provides a lot of visual charts and graphics to give you a quick, overall perception of the data. Here is a summary of some key take-aways from the report:
- 43% of breaches were small business victims
- 52% of breaches involved Hacking, 33% included Social Engineering, 28% involved Malware
- 56% of the breaches took months or longer to discover
- 71% of the breaches were financially motivated
- 32% of breaches involved phishing
Threat actors (the deviant behind the criminal activity) are categorized as External, Internal and Partner. External actors continue to be the main culprits behind data breaches.
Financial gain is the most common motive behind data breaches.
It was interesting to note that system administrators are creeping up as contributing to the compromise. Not so much as an inside threat actor but more as an error ridden bandit. Misconfiguration of servers and other hardware may be allowing unwanted access.
Human error continues to be a predominate threat to the organizations. In fact, there has been a significant increase in the presence of human error and social engineering between 2013-2018.
Although the top threat action continues to be Denial of Service (DoS) attacks this rarely leads to a breach. Phishing and credential theft are the leaders in the threat varieties used in breaches.
Command and Control (C2) and ransomware are present in both security incidents and breaches. Ransomware is a major issue and not reliant on a data breach to be financially successful. Cryptomining numbers did not show as a significant threat although it is present in the report.
The top malware actions in security incidents and breaches appear to be backdoor and email attachments. In fact, email is the preferred method of delivery of malware (94%) and the use of Office documents leads the way as the file type.
Stolen credentials and phishing are the top actions used in breaches.
The victim demographic charts show some interesting results. The education sector, having 382 incidents shows that 226 of these were Denial of Service (DoS) attacks.This industry leads the pack in DoS attacks and account for over half of all incidents. Furthermore, the education sector is the top contributor to phishing click rates with 4.93%. The report does disclose that click rates have decrease in the last 2 years. That’s good news! Jump to page 38 in the report for detailed break out of incidents and breaches in Education.
This report can be of great valuable in determining your budget and strategies for your organization. It is based on factual information and can help you to avoid the knee jerk and gut feel reactions that may want to drive your own security posture.
Want to skip the full report? Here are some key pages to check out:
- Page 2 – Terminology used in the report and industry
- Page 4 – Introduction
- Page 5 – Summary of findings
- Pages 6-19 – Lots of great charts and graphics to break down the incidents and breaches
- Pages 71-74 -Appendix C: Watching the Watchers