Verizon recently released its 2019 Data Breach Investigations Report (DBIR). The report is based on over 40,000 security incidents, over 2,000 of which were identified as data breaches. Below are some of the key findings reported:
Who are the victims?
- 16% were public sector entities
- 15% were healthcare organizations
- 10% were financial industry entities
- 43% were small businesses
Who is behind the breaches?
- 69% were outsiders
- 34% included internal actors
- 39% included criminal groups
- 23% were identified as nation-states or state-affiliated actors
What tactics are utilized?
- 52% featured hacking
- 33% included social attacks
- 28% involved malware
- 15% were misuse by authorized users
- 21% of breaches were caused by general errors
What are other commonalities?
- 71% were financially motivated
- 25% were related to espionage
- 32% involved phishing campaigns
- 29% involved stolen credentials
- 56% took more than a month to discover
As the above statistics note, organizations of all types and sizes are potential victims of cyber incidents. While public sector entities, healthcare and financial institutions remain lucrative targets due to the expansive amount of personal data they store, these organizations often have the most robust defenses. This trend has created a spike in victims that fall in the small business sector. These organizations are particularly vulnerable to threats as they often do not recognize, prepare for or defend against the potential risks.
While implementing proper security and IT enhancements is critical to protecting your organization, adequate employee education and training are essential. The report indicates that malware most notably gained entry into an organization's system through an email communication (94%) where someone downloaded a file or clicked a corrupted link. As a result, having a workforce that is security-focused will help reduce the incidence of breaches resulting from general error, phishing campaigns and social attacks. That training must permeate the entire organization from the top to the bottom. The report found that C-level executives were 12 times more likely to be the target of social incidents and 9 times more likely to be a target of social breaches than in previous years.
The report also explains that our increased use of mobile devices makes users more susceptible to spoofing scams in which they are tricked into entering their information on a fraudulent site. These devices tend to limit screen sizes, restrict access to information for visibility and force users to toggle between apps, making it difficult to verify the legitimacy of an email or webpage.
As data breaches and hacks become increasingly common and more sophisticated, your organization should be actively considering what security and training enhancements need to be implemented to keep your company from becoming one of these statistics. Reach out to an advisor for an assessment of the best security measures for your company in your particular industry.