Verizon’s annual Data Breach Investigation Report (DBIR) is out! Key takeaways indicate that social engineering attacks using (BEC) Business Email Compromise have almost doubled. The human element involving error, privilege misuse and stolen credentials account for 74% of all breaches. Now in its sixteenth year, the Verizon DBIR is trusted and respected in cybersecurity for its annual reporting and analysis of incidents and breaches. This year they analyzed 16,312 security incidents, of which 5,199 were confirmed data breaches. The attack patterns also include alignment with the CIS Controls to assist with conformity. You can download and read the full report, but here are some key findings.
The report will break down incidents vs breaches. The definitions are: (Page 4)
Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.
Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party. A Distributed Denial of Service (DDoS) attack, for instance, is most often an incident rather than a breach, since no data is exfiltrated.
That doesn’t make it any less serious.
Ransomware continues to be one of the top action types present in breaches. Although it did not grow it remains steady at 24%.
External actors were responsible for 83% of breaches, while Internal ones
account for 19%. (Page 12)
The actions used for these attacks included use of stolen credit cards, phishing, ransomware, and privilege abuse.
The report breaks down incidents into 8 classification patterns.
- Basic web application attacks– 1,404 incidents, 1,315 confirmed data disclosures. This accounts for about one fourth of the dataset, with breaches and incidents largely driven by attacks against credentials. Poorly picked and protected passwords continue to be one of the major sources of breaches within this pattern. 86% of the breaches were a result of stolen credentials. (Page 35)
- Denial of Service (DoS) – There were 6,248 incidents with 4 confirmed data disclosures. (Page 42)
- Lost and Stolen Assets – 2,091 incidents, 159 confirmed data disclosures.(Page 44)
- Miscellaneous Errors – 602 incidents, 512 confirmed data disclosures. (Page 40)
- Privilege misuse – 406 incidents,288 confirmed data disclosures. This is with the intention of financial gain and personal information and responsible for 7% of these breaches. (Page 46)
- Social Engineering – 1,700 incidents, 928 confirmed data disclosures. Phishing makes up for 44% of social engineering incidents. (Page 31)
- System Intrusion – 3,966 incidents, 1,944 confirmed data disclosures. Ransomware dominates this pattern. (Page 24)
- Everything Else – Covers all incidents that don’t fit the other patterns.
The report includes breakdowns of incidents by industry (Page 49). In the educational services there were 496 incidents and 238 confirmed data disclosures. 76% were by use of system intrusion, miscellaneous errors and social engineering. (Page 54)
Attribution: As stated in the report, it is permitted to include statistics, figures and other information from the report. Exact quotes are permitted. (Page 6)
Download the full report-Verizon DBIR