« Nation States and Affiliates Behind Rising Tide of Data Breaches | Main | Feds Are Spending Millions to Hack Into Locked Phones »

May 13, 2019

Highlights of Verizon's 2019 Data Breach Investigations Report

Last week, I covered the jump in nation-state affiliated data breaches. Today, I am ready to take on the overall highlights of the Verizon 2019 Data Breach Investigations Report (DBIR).

The report is based on a detailed analysis of 41,686 security incidents, including 2,013 confirmed data breaches.

Who is behind the attacks?

  • 69% involved outsiders
  • 34% involved internal actors
  • 2% involved partners
  • 5% featured multiple parties
  • 39% of breaches involved organized criminal groups
  • 23% involved nation-state or state-affiliated actors

What actions are being used?

  • 52% of breaches involved hacking
  • 33% included social attacks
  • 28% involved malware
  • 21% of breaches involved human error
  • 15% involved misuse by authorized users
  • 4% of breaches involved physical actions

Who are the data breach victims?

  • 16% public sector entities
  • 15% healthcare organizations
  • 10% financial organizations
  • 43% small businesses

Key takeaways?

  • C-level executives were 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than they were previously.
  • As businesses move to the cloud, there has been an increase in hacking cloud-based email servers using stolen credentials.
  • Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card related breaches.
  • Ransomware is still going strong, accounting for nearly 24% of incidents where malware was used. Other threats that are frequently hyped (such as cryptomining) accounted for only 2% of malware and seldom appeared in the DBIR data set.
  • Physical terminal compromises in payment card related breaches is decreasing. This may show an emerging victory for the implementation of chip and pin payment technology.
  • The data set showed six times fewer Human Resource personnel being impacted compared to last year. This correlates with W-2 tax form scams almost disappearing from the DBIR data set.
  • Click-through rates on phishing simulations fell from 24% to 3% during the past seven years. However, it is notable that 18% of people who clicked on test phishing links did so on mobile devices.

Overall, very interesting. I am now left with the task of updating all my DBIR PowerPoint slides. And it would appear that, as ever, the cybersecurity landscape has had some significant changes.

Email: snelson@senseient.com   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Posted on May 13, 2019 at 10:00 AM |

| | Pin It! | | |

Visual Verification Image
* Required

About

My Photo

Subscribe



  • Powered by FeedBlitz

Search

Recent Posts

Archives

C O P Y R I G H T   N O T I C E
© 2019 Sensei Enterprises, Inc. All Rights Reserved.

Sensei Enterprises, Inc.

  • 3975 University Drive
    Suite 225
    Fairfax, VA 22030
    703.359.0700

Disclaimer

  • This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.