Verizon has today released the 2019 Data Breach Investigations Report (DBIR), providing an analysis of over 40,000 security incidents and more than 2,000 confirmed data breaches investigated across 180 countries during the last 12 months.
This year’s report includes data from the FBI for the first time, and highlights the risks faced by the C-Suite, with executives six times more likely to be a target of social-engineering than they were only a year ago. Some of the key findings include:
- Can you keep a secret? – Espionage was the key motivation behind a quarter of all breaches, with over a fifth of these attacks traced back to nation states or state-affiliated actors. Although financial gain is still a huge driver, this increase in cyber-espionage highlights that businesses should be re-assessing who might be behind the attacks launched against them and how they need to adapt their security strategy to protect their secrets.
- Ticking timebomb – Businesses are still slow to locate attacks, with over half of all breaches taking months or longer to discover. This is giving attackers huge amounts of time to cover their tracks or disappear, whilst the business and its customers are left open to the threat that their data could be used maliciously before anyone realises something is amiss.
- There’s a hole in the bucket, dear Liza – 60 million records were breached in the past year due to misconfigured cloud-based file storage – such as Amazon buckets – highlighting that even a simple mistake can cause huge amounts of data to be stolen. In fact over a fifth of incidents categorised under miscellaneous errors were accounted for by these mistakes.
- The persistent highwayman – Ransomware continues to be a huge threat to organisations; it was the second most prevalent type of malware, accounting for almost a quarter of all related incidents. Given the disastrous effects that successful ransomware attacks have had, businesses can’t afford to take their eye of the ball when it comes to defending against the threat.
- Crypto Mining has been a flash in the pan – Despite being a regular focus for concern in the last 12 months, crypto mining accounted for less than 5% of incidents recorded in the DBIR. In fact, it didn’t even make the top 10 list of malware varieties in this year’s report, highlighting that it isn’t as prevalent a threat as many might expect.
- C-Suite Beware: You are the latest targets of cybercrime: C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.