It's always a challenge to boil down the stats and takeaways from Verizon's annual Data Breach Investigations Report (DBIR). The report is based on data from more than 42,000 security incidents and nearly 2,000 breaches across 84 countries. Here are some of major highlights.
- Cybercriminals are targeting smaller companies. 61% of the data breach victims in this year's report have fewer than 1,000 employees.
- 1 in 14 users fall for phishing e-mails. 25% of them fall more than once.
- 51% of the data breaches involved malware. Ransomware is now the 5th most common form of malware involved in data breaches and the first in what the report calls the Crimeware pattern.
- 66% of malware was installed via malicious e-mail attachment.
- 62% of breaches involved hacking.
- 80% of hacking-related breaches used stolen passwords and/or weak passwords.
- 75% of breaches were perpetrated by outsiders and 25% involved internal actors.
- 18% were conducted by state-affiliated actors.
- 51% involved organized criminal groups.
- 73% of breaches were financially motivated.
- 21% of breaches were related to espionage.
- 27% of breaches were discovered by third parties
- Breakdown by verticals: Data breaches – 24% affected financial institutions, 15% affected healthcare organizations, 12% affected public sector entities and 15% affected retail and accommodation entities.
- No one thinks they'll be breached until they are.
- Organizations think they have security basics covered. They don't.
- People are still failing to set strong passwords.
- Organizations are relying on defenses that are out-of-date.
The above is just a snapshot. Read the full report to glean the full substance of some very wise advice. Nice work once again Verizon.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology