Verizon DBIR: Key Findings and Recommendations for your Business

by: Katie Sloane on May, 15, 2019 | 0 Comments
 hero Image

Every year Verizon publishes a thorough Data Breach Investigations Report (DBIR) which delves into cybersecurity attacks and illustrates hacking methods, motives, patterns and more. The report is based on the evaluation of 41,686 security incidents, of which over 2,000 were confirmed data breaches.

In today's blog post and infographic, we've compiled essential findings and insightful takeaways from this year's DBIR. 

Nature of Attacks

The following summarizes common tactics utilized to carry out cyber-attacks against businesses in various industries:

  • Phishing accounted for 32% of successful breaches, making it the number one threat action executed
  • Over 50% of breaches involved hacking
  • 33% of data breaches included social engineering
  • 28% of cyber-attacks featured malware 

Attackers Behind the Breaches

 According to the Verizon DBIR, these threat actors were behind most breaches:

  • Outsiders committed 69% of breaches
  • Organized criminal groups were behind 39% of breaches were associated with organized crime groups
  • 34% perpetrated by internal actors 

Top Malware Infection VectorsKS-Verizon-DBIR-Infographic-final-2019-01

Malware is still a significant issue, and per the report, the majority of the time (94%) it is delivered via email. Top malware, 

  • Command and Control (C2)
  • Backdoor
  • Ransomware
  • Spyware
  • Adware

Common Types of Social Engineering

Let's shift to social engineering, an omnipresent threat action with multiple variations, and a psychological technique that hackers use to manipulate human behavior. An interesting conclusion that Verizon's DBIR draws is how mobile devices are more prone to social engineering attacks because of their design in conjunction with how users interact with them. 

Below are some of the most common social engineering methods, according to the report:

  • Phishing
  • Pretexting 
  • Bribing
  • Forgery
  • Extortion
  • Influence
  • Other
  • Scam

Critical Considerations to Safeguard Your Business

Assimilating the report's discoveries, the proverbial question of "What can businesses do to safeguard their assets and information?" becomes more transparent.

  • Security Awareness Training should be leveraged to empower employees with knowledge and eliminate poor security hygiene. By learning cybersecurity best practices and staying ahead of emerging threats, internal actors can make more informed security decisions.
  • Limit, 24x7x365 monitor and log access to sensitive business data and financial information.
  • Focus on preventative, detective and remediation controls. Criminals strive to pinpoint gaps in a company's security program, making it imperative for organizations to take no chances on the issue of cybersecurity
  • Implement robust phishing reporting to identify threats in real-time and prevent incidents from occurring.
  • A multidisciplinary approach is better than a siloed approach. Work with a trusted IT partner that offers a comprehensive cybersecurity solution encompassing technology, education and governance so they can tackle security concerns, and you can focus on your business.


Align's Managed IT Services team addresses sophisticated cybersecurity risks and their threats through a streamlined, multi-faceted approach. If you're considering potential solutions for your firm or would like more informationcontact us here or email cyber@align.com.

Contact Us ➜

Tags: Cybersecurity, Managed Services

Related Articles

 
Cybercriminals Targeting C-Suite

Cybersecurity

Cybercriminals Targeting C-Suite

As stated in Verizon's 2019 Data Breach Investigations Report (DBIR), C-suite executives are the

Read More >

How Fund Managers Can Prepare for the Latest SEC OCIE Cyber Sweeps

Cybersecurity

How Fund Managers Can Prepare for the Latest SEC OCIE Cyber Sweeps

The following excerpt originally appeared in Hedge Fund Law Report and was written by Amy Terry

Read More >

Leave A Comment