This year’s Verizon 2018 Data Breach Investigations Report (DBIR) includes over 53,000 security incidents, 2,216 confirmed data breaches across 65 countries worldwide. Verizon published the 11th edition of the DBIR with help from 67 contributors.
It is no surprise that 76% of breaches are financially motivated with “cold, hard cash,” according to the report. Cyber criminals will strike the unprepared, regardless of size or type of business. They will attempt to steal payment card data, personal data or intellectual property.
Insider threats and mistakes
Over one quarter (28%) of breaches were attributed to insiders, a disturbing statistic given it’s more difficult to identify those insiders who have legitimate access to sensitive data.
People also make mistakes, which can lead to data loss (18% of breaches). Examples of employee mistakes include failing to shred confidential information, sending an email to the wrong person or misconfiguring web servers.
On average, 4% of people will click on any given phishing campaign. The modestly good news is 78% of users didn’t click on even a single phishing email over an entire year.
In one industry, Healthcare, the threat from inside is even greater than that from outside. In addition to human errors, some healthcare employees were found abusing their access to systems or data. In 13% of cases, unauthorized access is motivated by fun or curiosity (e.g., where a celebrity has been a patient).
Lost or stolen assets (to include laptops and paper with sensitive data) also contributed to a number of breaches.
Ransomware most prevalent malware
In this year’s report, ransomware became the most common malware variety making up 39% of malware cases spotted.
Cybercriminals now have access to a plethora of off-the-shelf toolkits to make it much easier to develop and distribute ransomware. Even amateurs could make and distribute the malware in minutes.
Hackers are also looking to encrypt not just single devices, but entire servers and storage devices to lock companies out of their data. This highlights the critical need for organizations to backup their data consistently.
Lacking the basics
Organizations continue to make the jobs of cyber attackers easier.
“Some companies are failing to take the most basic of security measures— like keeping anti-virus software up to date or training staff on how to spot the signs of an attack,” Verizon stated in the DBIR.
Furthermore, Verizon said that 94% of security incidents and 90% of confirmed data breaches fall into nine incident classification patterns across multiple years.
Those nine classification patterns include (along with number of breaches reported):
- Web Applications (414)
- Miscellaneous Errors (347)
- Point of Sale (324)
- Everything Else (308)
- Privilege Misuse (276)
- Cyber-Espionage (171)
- Lost and Stolen Assets (145)
- Crimeware (140)
- Payment Card Skimmers (111)
Some notable findings from the top category, Web Apps, was attributed to use of stolen credentials, followed by SQLi. Verizon said the number could have been much higher in this category if they didn’t filter out botnet-related attacks on web apps that used credentials stolen from customer-owned devices.
Verizon also mentioned that hackers are starting to expand from traditional user devices and beginning to target mobile devices. However, breaches involving mobile devices were still uncommon.
You can download the DBIR to include executive overview and full report to review more details.