Industry Experts On Verizon DBIR 2020

Verizon has today published its yearly report on business data breach investigations. Key stats included:

  • 86 percent of data breaches for financial gain – up from 71 percent in 2019
  • Cloud-based data under attack – web application attacks double to 43 percent
  • 67 percent of breaches caused by credential theft, errors and social attacks
  • Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
  • On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities
  • Report analyzes 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries


EXPERT COMMENTS
Kyle Hanslovan, Co-Founder & CEO, Huntress Labs
May 26, 2020
There is also a common misconception that enterprises need to be most wary of phishing attacks.
While it’s a positive shift to see this year’s Verizon Data Breach Investigations Report (DBIR) reflect the security challenges of small businesses, there is much more work to be done to extrapolate major trends from more comprehensive SMB data. From our work with managed service providers (MSPs) who provide outsourced IT to hundreds of thousands of SMBs, we know that only 407 incidents in one ....
Patrick Spencer, Director,  Contrast Security
May 26, 2020
Legacy, outside-in DevOps security is failing. A new approach is needed.
Web applications are a growing focus point for cyber criminals. Motivated by financial outcomes, they understand the value of the information exchanged and stored in web applications. The 2020 Verizon Data Breach Investigations Report (DBIR) confirms that this is the case: 43% of data breaches are tied to web application vulnerabilities—which more than doubled year over year. Legacy, outside-in ....
Olivier Gaudin, CEO and Founder,  SonarSource
May 21, 2020
The most commonly exploited web app vulnerabilities, according to Verizon’s report--SQL injection and PHP injection vulnerabilities.
The findings from the Verizon report demonstrate that, as an industry, we are spending more time reacting to threats rather than proactively taking steps to ensure assets are secure before they go to market. This is why it’s crucial to think about security as early as when developers are actually coding applications. The technology to provide Code Security feedback throughout software developmen ....
Kowsik Guruswamy, Chief Technology Officer,  Menlo Security
May 21, 2020
Menlo Security CTO shares insights and forecast for Verizon DBIR findings
No matter what the industry does, attackers seem to be able to stay one step ahead. Attackers appear to be utilizing the same methods with a varying mix depending on what defenses are in place. One thing that is clear is that the industry has not solved the phishing problem, as it remains the top attack vector. It seems that no amount of AI or detection algorithms are able to combat a well-writ ....
Niamh Vianney Muldoon, Senior Director of Trust and Security, EMEA,  OneLogin
May 20, 2020
Secure access control to data and systems is fundamental to building this end-user trust.
37% of breaches stole or used credentials highlights the need for businesses and organizations to provide their end-users with a secure mechanism for accessing systems and data that doesn't rely on passwords alone. With more and more of our lives becoming digital, securing and protecting our digital identity and lives will come more into focus. Businesses and organizations who demonstrate good s ....
Martin Jartelius, CSO, Outpost24
May 20, 2020
The report clearly shows that defence in depth is just as important as ever.
It is interesting to note that 45% of breaches occur due to hacking, and 22% went via targeting a user or employee. The attackers then on an average need less than 4 further steps in 90% of the attacks, but most do indeed require more than a single step. This shows clearly that defence in depth is just as important as ever. The study shows that vulnerability management of internet facing systems ....
Casey Ellis, CTO and Founder,  Bugcrowd
May 20, 2020
Whitehat hacking can be an advantageous way to mitigate exploits and improve organizations' cyber postures.
The 2020 Verizon Data Breach Investigations Report (DBIR) is a yearly staple for the security industry, and this year's report is no exception. According to the report, 43% of breaches were attacks on web applications, more than doubling the results from last year. Organizations need to understand the importance of knowing their infrastructure because web applications provide easy entry points for ....
Saryu Nayyar, CEO,  Gurucul
May 19, 2020
Machine learning-based security analytics immediately detects compromised accounts because the behavior deviation is so telling.
Looking at these results, we see that organized crime is the top actor, credential theft remains a top threat, and financially motivated breaches are most common. Criminal enterprises are stealing credentials instead of using extortion for financial gain. Between phishing, social engineering, and a broad range of hacks, it's easy for thieves to get someone's credentials and access a system as them. B ....
Murali Palanisamy, Chief Solutions Officer, appviewX
May 19, 2020
Now is the time to reinforce our cloud- and internet-connected systems with robust protection, detection, and recovery systems.
Drilling down into Verizon's 2020 version of the DBIR tells us two things: One, the number of incidents and data breaches is snowballing year-on-year, confirming the trend that digital transformation will result in threat vectors compounding and growing in number. And two, hacking for financial gain has taken precedence over malware and other low-impact techniques as the primary motivator for mali ....
Shahrokh Shahidzadeh, CEO,  Acceptto
May 19, 2020
The 2020 edition of the Verizon DBIR highlights the top actions for breaches, which continue to be credentials, misconfiguration and phishing.
The 2020 edition of the Verizon DBIR highlights the top actions for breaches, which continue to be credentials, misconfiguration and phishing. Credentials are still the favorite attack surface, and within the past three years, range fluctuates between 75%-81%. A reduction in malware is aligned with the previous year’s trend and is a function of the risk balloon getting squeezed as alternativ ....
Jayant Shukla, CTO and co-founder,  K2 Cyber Security
May 19, 2020
Companies need to protect web applications that continue to have vulnerabilities that can be exploited.
The 2020 Verizon Breach Incident Report has a lot of good information, and reminds us that checking for malware on systems isn’t enough, as attacks via malware have decreased to only 6.5% of attacks and incidents (down from the peak near 50% in 2016). It’s a good reminder that organizations need to have security in place for phishing, preventing credential theft, and to protect web applicati ....
Satnam Narang, Senior Research Engineer,  Tenable
May 19, 2020
Ransomware increased by 2.6% from last year, landing at number three in most common Malware breach.
The findings in the Data Breach Investigations Report (DBIR) 2020 show that while attack vectors may fluctuate over time, cybercriminals often set their sights on low-hanging fruit. Zero-days may garner most of the attention, but foundational cyber hygiene issues enable most breaches. The motivation for cybercriminals is primarily financial. As the Cybersecurity and Infrastructure Security Agency ....
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
May 19, 2020
This is why zero-trust network architectures are interesting and also why patch policies must include open source governance.
In all cyberattacks, it is the attacker who defines the rules, and often opportunism is the best play in any numbers game. The 2020 DBIR confirms that most successful breaches employed opportunistic tactics ranging from social engineering and credential attacks through to opportunistic hacks and exploits of misconfigurations. This means that we could see a material reduction in breaches if basic p ....
Richard Bejtlich, Principal Security Strategist, Corelight
May 19, 2020
The DBIR offers a lot of information for security professionals to digest.
The DBIR offers a lot of information for security professionals to digest. One way to use it is to understand how your industry is represented, see the sorts of actors and events that affect your industry, and be sure your organization’s risk model and countermeasures mitigate the concerns reported by the DBIR. ....
Tim Erlin, VP of Product Management and Strategy, Tripwire
May 19, 2020
The industry analysis provided by the DBIR is invaluable.
We often think of ransomware as a breach, but the DBIR categorizes most ransomware activity as an incident because while you may have lost access to the data, the attacker hasn’t actually stolen it. While that may give you some comfort, it doesn’t mean that a ransomware incident is materially less impactful to the security folks who have to deal with it. The fact that “misconfiguration” ....
Chad Anderson, Research Engineer, DomainTools
May 19, 2020
Errors — mostly misconfigurations of resources — continue to be on the rise as more and more data sets are left openly exposed.
This report further goes to show that attackers do not have to be sophisticated to be effective. We see that only 45% of all breaches in this report involved some kind of traditional hacking and only 4% of the breaches in total had more than four attacker actions. Simple, low-hanging fruit for financial gain continues to dominate this space and shows where so much of our security posture can be im ....
Eoin Keary, CEO and Cofounder,  Edgescan
May 19, 2020
Contributing to the Verizon DBIR helps us as an industry move the dial in a positive direction.
Contributing to the Verizon DBIR helps us as an industry move the dial in a positive direction. We can't improve what we can't see. The idea of "the great and good" in the industry contributing together provides a realistic snapshot of what matters in cybersecurity today. I'm very proud of and grateful to the folks in VDBIR for all their hard work. ....
Mark Bower, Senior Vice President, comforte AG
May 19, 2020
The report shows the Great Digital Train Robbery is alive and well.
The report shows the Great Digital Train Robbery is alive and well. External, multi-faceted and industrialized hacking continues to pepper large enterprises at 72% of overall victims. It’s no surprise that web application patterns, around 45% of attacks, expose technology services firms, retail, financial and insurance services and professional services most to compromise. They are the highest ag ....
Paul Bischoff, Privacy Advocate,  Comparitech
May 19, 2020
Web applications are the most common hacking vector through which criminals obtain stolen credentials.
The report dispels many commonly held misconceptions about how and why data breaches happen. Many breaches and data incidents are easily preventable. Most breaches are perpetrated by organised crime and are financially motivated, not by internal sources. Hacking through the use of stolen credentials, phishing, and errors top the list of actions that lead to breaches. Web applications are the ....