Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Highlights of Verizon's 2019 Data Breach Investigations Report

May 13, 2019

Last week, I covered the jump in nation-state affiliated data breaches. Today, I am ready to take on the overall highlights of the Verizon 2019 Data Breach Investigations Report (DBIR).

The report is based on a detailed analysis of 41,686 security incidents, including 2,013 confirmed data breaches.

Who is behind the attacks?

  • 69% involved outsiders
  • 34% involved internal actors
  • 2% involved partners
  • 5% featured multiple parties
  • 39% of breaches involved organized criminal groups
  • 23% involved nation-state or state-affiliated actors

What actions are being used?

  • 52% of breaches involved hacking
  • 33% included social attacks
  • 28% involved malware
  • 21% of breaches involved human error
  • 15% involved misuse by authorized users
  • 4% of breaches involved physical actions

Who are the data breach victims?

  • 16% public sector entities
  • 15% healthcare organizations
  • 10% financial organizations
  • 43% small businesses

Key takeaways?

  • C-level executives were 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than they were previously.
  • As businesses move to the cloud, there has been an increase in hacking cloud-based email servers using stolen credentials.
  • Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card related breaches.
  • Ransomware is still going strong, accounting for nearly 24% of incidents where malware was used. Other threats that are frequently hyped (such as cryptomining) accounted for only 2% of malware and seldom appeared in the DBIR data set.
  • Physical terminal compromises in payment card related breaches are decreasing. This may show an emerging victory for the implementation of chip and PIN payment technology.
  • The data set showed six times fewer Human Resource personnel being impacted compared to last year. This correlates with W-2 tax form scams almost disappearing from the DBIR data set.
  • Click-through rates on phishing simulations fell from 24% to 3% during the past seven years. However, it is notable that 18% of people who clicked on test phishing links did so on mobile devices.

Overall, very interesting. I am now left with the task of updating all my DBIR PowerPoint slides. And it would appear that, as ever, the cybersecurity landscape has had some significant changes.

Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson