Built upon analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches, the 2019 version of Verizon’s noted Data Breach Investigations Report (DBIR) has been released and, as with previous versions, provides excellent reading.
Serving as a useful guide on the cost, state and increase in data breach patterns, the report is one of the most notable and cited documents in the cybersecurity industry, as well as being one of the most concise.
Therefore, as well as looking at the main headlines from the report, Infosecurity also decided to pick out what we felt were the main takeaways from this year’s findings. So in no particular order, these are our top 10 takeaways from this year’s DBIR.
- 43% of breaches involved small business victims – we’ve seen claims that small businesses are more vulnerable to attack and are less likely to recover, but this statistic is likely to be cited frequently
- Nation state or state-affiliated actors were involved in 23% of breaches – while this is not a large number, consider how many state actors there are likely to be, and then the sample size of the DBIR, and a large number of attacks are attributed to nation-state activities
- Email accounts for 94% of malware delivery methods – web-based attacks account for 23% of cases, while Office documents were used in 45% of cases
- 34% of breaches involved internal actors – the insider threat is a notoriously hard number to measure, due to the number of companies not prepared to admit to the fact that they had been affected by one of their own
- The number of external attackers dropped – the DBIR has shown that after a rise in external attackers being responsible for breaches in 2014, their attacks have dropped in comparison to internal actions, which have risen
- 32% of breaches involved phishing – targeted emails, be it social engineering, business email compromise, Big Game Hunting or a mass mailing preying on the human vulnerability, remain the most common tactic for attacks
- 29% of breaches involved the use of stolen credentials – as credential stuffing has become more popular among attackers, this number could increase substantially in the next year
- 39% of breaches involved organized criminal groups – probably less surprising, but the membership scale of such groups can range from a very small number to very large quantities
- Organized crime’s involvement has dropped massively – since a spike in the involvement of organized crime in 2014 in 80% of cases, its involvement has dropped, while state-sponsored actors, which accounted for fewer than 10% of cases in 2015, have more than doubled
- Privilege abuse accounts for almost 80% of cases – as with credential use, if the accounts also have increased privileges, this can cause even more problems once an attacker is inside your perimeter