May 15, 2019

Verizon DBIR: Key Findings and Recommendations for your Business

by: Katie Sloane

Every year Verizon publishes a thorough Data Breach Investigations Report (DBIR) which delves into cybersecurity attacks and illustrates hacking methods, motives, patterns and more. The report is based on the evaluation of 41,686 security incidents, of which over 2,000 were confirmed data breaches.

In today's blog post and infographic, we've compiled essential findings and insightful takeaways from this year's DBIR. 

Nature of Attacks

The following summarizes common tactics utilized to carry out cyber-attacks against businesses in various industries:

  • Phishing accounted for 32% of successful breaches, making it the number one threat action executed
  • Over 50% of breaches involved hacking
  • 33% of data breaches included social engineering
  • 28% of cyber-attacks featured malware 

Attackers Behind the Breaches

 According to the Verizon DBIR, these threat actors were behind most breaches:

  • Outsiders committed 69% of breaches
  • Organized criminal groups were behind 39% of breaches were associated with organized crime groups
  • 34% perpetrated by internal actors 

Top Malware Infection VectorsKS-Verizon-DBIR-Infographic-final-2019-01

Malware is still a significant issue, and per the report, the majority of the time (94%) it is delivered via email. Top malware, 

  • Command and Control (C2)
  • Backdoor
  • Ransomware
  • Spyware
  • Adware

Common Types of Social Engineering

Let's shift to social engineering, an omnipresent threat action with multiple variations, and a psychological technique that hackers use to manipulate human behavior. An interesting conclusion that Verizon's DBIR draws is how mobile devices are more prone to social engineering attacks because of their design in conjunction with how users interact with them. 

Below are some of the most common social engineering methods, according to the report:

  • Phishing
  • Pretexting 
  • Bribing
  • Forgery
  • Extortion
  • Influence
  • Other
  • Scam

Critical Considerations to Safeguard Your Business

Assimilating the report's discoveries, the proverbial question of "What can businesses do to safeguard their assets and information?" becomes more transparent.

  • Security Awareness Training should be leveraged to empower employees with knowledge and eliminate poor security hygiene. By learning cybersecurity best practices and staying ahead of emerging threats, internal actors can make more informed security decisions.
  • Limit, 24x7x365 monitor and log access to sensitive business data and financial information.
  • Focus on preventative, detective and remediation controls. Criminals strive to pinpoint gaps in a company's security program, making it imperative for organizations to take no chances on the issue of cybersecurity
  • Implement robust phishing reporting to identify threats in real-time and prevent incidents from occurring.
  • A multidisciplinary approach is better than a siloed approach. Work with a trusted IT partner that offers a comprehensive cybersecurity solution encompassing technology, education and governance so they can tackle security concerns, and you can focus on your business.

Align's Managed IT Services team addresses sophisticated cybersecurity risks and their threats through a streamlined, multi-faceted approach. If you're considering potential solutions for your firm or would like more informationcontact us here or email

Contact Us ➜

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC