Verizon Data Breach Investigations Report Understanding the threats can help you manage risk effectively.
The threats are real, the attackers motivated. But something stands
between them and your organization’s data: you and your security
teams, with the insight, perspective, and tools to take action. You’ll find that all right here.
To download the report :
https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
Online Version of the report :
https://enterprise.verizon.com/resources/reports/dbir/2019/introduction/
Major findings in summary
The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include:
- New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
- Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
- Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
- Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
- Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
- Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.
Putting business sectors under the microscope
Once again, this year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” comments Sartin.Industry findings of note include:
- Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
- Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
- Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
- Public Sector: Cyber-espionage rose this year – however, nearly 47 percent of breaches were only discovered years after the initial attack.
- Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.
(More findings on all individual industries may be located in the full report.)
More data from highest number of contributors ever means deeper insights
“We are privileged to include data from more contributors this year than ever before, and had the pleasure of welcoming the FBI into our fold for the very first time,” adds Sartin. “We are able to provide the valuable insights from our DBIR research as a result of the participation of our renowned contributors. We would like to thank them all for their continued support and welcome other organizations from around the world to join us in our forthcoming editions.”
This is the 12th edition of the DBIR and boosts the highest number of global contributors so far – 73 contributors since its launch in 2008. It contains analysis of 41,686 security incidents, which includes 2,013 confirmed breaches. With this increase of contributors Verizon saw a substantial increase of data to be analyzed, totaling approximately 1.5 billion data points of non-incident data.
This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.
