Cliff Notes From Verizon’s 2020 Data Breach Investigations Report
Verizon’s 2020 Data Breach Investigations Report is out, turning breach data from anecdote into demonstrable fact. It provides a new geographical breakdown, along with behavior attributions for different cyber adversaries.
What are the critical takeaways?
Denial-of-service (DoS) attacks, ransomware, and financially motivated attacks have spiked over the past year, according to the report.
- Misconfiguration errors still exist and have been increasing. Such errors are mostly associated with exposed database storage discovered by security researchers and unrelated third parties.
- DDoS attacks rose to 13,000 incidents, making up 40% of security incidents reported, and were also seen as a bigger part of cybercriminals’ toolboxes.
- Cyberespionage declined, accounting for a mere 3.2% of data breaches in 2019. It was behind 13.5% of breaches in 2018.
Researchers asserted that, “The drop in raw numbers could be due to either under-reporting or failure to detect these attacks, but the increase in the volume of the other patterns is very much responsible for the reduction in the percentage.”
What are the positive takeaways?
Verizon believes its report, dubbed the most extensive data breach report, also holds some good news for security professionals.
- The report reveals that malware incidents are down, suggesting that current anti-malware products are fairly effective.
- Less than 5% of breaches involved the exploitation of a vulnerability, indicating improvement in patch management practices.
- Trojan-type malware was behind only 6.5% of all breaches. It peaked in 2016 with a 50% share of breach incidents.
- Numerous firms discover and report breaches within a day or less, which helps them tackle the issue quickly and quantify the threats.
Some quick data
The Verizon report highlights that 86% of the breaches in 2019 were financially motivated, as compared to the previous year’s 71% for similar breaches.
- 81% of breaches were discovered in days or less
- 72% involved large business victims
- 58% of victims had personal data compromised
- 86% of breaches were financially motivated
- 43% of breaches affected web applications
- 10% of breaches were espionage-related
- 22% of breaches involved cloud assets, out of which 71% also reported breaches in on-premises assets.
- 45% of breaches featured hacking, out of which 22% involved social attacks, and the other 22% also involved malware.
- 70% of the breaches were attempted by external actors, out of which 55% were organized criminals, and the other 30% were by internal actors.
Other key insights
Cybercrime is indeed lucrative, but it is a shortcut that mischievous people take.
- According to the report, hackers targeted North America mainly to steal credentials, in 79% of breach attempts.
- In Europe, the Middle East, and Africa, denial of service (DoS) attacks accounted for more than 80% of malware incidents.
- In the Asia Pacific, 63% of breaches were financially motivated.
- 80% of breaches that included hacking involved brute force or lost or stolen data.
- Ransomware stood third in the most common “malware breach” category and second in the most common “malware incident” category.
- Criminals are choosing the path of least resistance and complexity while selecting a hacking target.
What will help you stay protected?
Most of the time, the tricks and techniques used are basic and can be defended against through the following steps:
- Continuous vulnerability management
- Secure configurations
- Email and web browser protection
- Limitation and control of network ports
- Account monitoring
- Security awareness training
- Predictive threat intelligence
- Automated threat response actions
Refer here for the full detailed report.