The Verizon Data Breach Investigations Report (DBIR) is back. Now in its tenth year, it’s an unparalleled source of information on cybersecurity threats. The 2017 DBIR reveals what’s really happening in cyber security. This year’s report is based on analysis of over 40,000 incidents, including 1,935 confirmed data breaches.
I figured I'd save you some time by reading it first and highlighting some of the more important points. So, here's FPA's version of the Cliff Notes of this report.
How the report is layed out...
- it has breakdowns by industry sector (such as Entertainment, Finance, Manafacturing, Professional Services, Healthcare, etc.)
- it breaks down the statistics between Incidents and Breaches
- it breaks down findings between types of Incidents (like: Crimeware, Cyber-Espionage, Denial of Service, Insider Misuse, Physical Theft and Loss, Web Application Attacks, etc.)
What are some of the important takeaways...
- Web Application Attacks remains the most prevalent type of breach
- Crimeware (ie: ransomeware) is the 3rd most prevelant type of incident
- Ransomeware is noted as the "the most profitable form" of breach
Who's behind the breaches...
- 75% are perpetrated by outsiders
- 25% involve internal actors
- 18% are conducted by state-affiliated actors
- 51% involved organized criminal groups
What tactics do they use...
- 62% of breaches featured hacking
- 51% of breaches included malware
- 81% of hacking related breaches leveraged either stolen and/or weak passwords
- 43% were social attacks
Financial and Insurance Industries
- Frequency: 998 Incidents, 471 with confirmed data disclosure
- Top 3 patterns: Denial of Service, Web Application Attacks and Payment Card Skimming represent 88% of all security incidents
- Threat actors: 94% External, 6% Internal
- Motives: 96% Financial, 1% Espionage
- Data Compromised: 71% Credentials, 12% Payment, 9% Personal
- Frequency: 620 incidents, 124 with confirmed data disclosure
- Top 3 patterns: Cyber-Espionage, Privilege Misuse and Everything Else represent 96% of breaches within Manufacturing
- Threat actors: 93% External, 7% Internal
- Motives: 94% Espionage, 6% Financial
- Data Compromised: 91% Secrets, 4% Internal, 4% Personal
When you make stuff, there is always someone else who wants to make it better, or at least cheaper. A great way to make something cheaper is to let someone else pay for all of the R&D and then simply steal their intellectual property. With that in mind, it will probably be of no surprise that Cyber-Espionage is by far the most predominant pattern associated with breaches in Manufacturing.
Who are the victims...
- 24% of breaches affected financial organizations
- 15% of breaches involved healthcare organizations
- 12% of breaches were public sector entities
Stepping back a little, all of this almost sounds like a I keep repeating myself (like a broken record?). Report after report keeps coming out helping to paint the picture that security HAS to play a part in how you run your technology, let alone your business.
What you should do...
- start by documenting your approach (one of the best ways for this is through FPA's Technology Security Assessment)
- define and implement the appropriate security policies
- TRAIN YOUR STAFF!!!
- ensure all endpoints are secure
- control what programs are allowed to run on company computers
- consider implementing dual-factor authentication
- implement a solid backup and disaster recovery solution
If you're interested in the report itself, you can download it here.
We help our clients navigate these waters all the time. For us, this really isn't anything new. But while this may be the case for us and other IT professionals, I do think we're right in the middle of a paradigm shift where this level cyber security will become the "new normal". I believe most businesses will be well on their way to "locking things down" over the next few years.
What do you think? Am I preaching to the choir? Or do you think otherwise? Let us know in the Comment box below or shoot me an email if you’d like to chat about this.