Every year Verizon publishes a thorough Data Breach Investigations Report (DBIR) which delves into cybersecurity attacks and illustrates hacking methods, motives, patterns and more. The report is based on the evaluation of 41,686 security incidents, of which over 2,000 were confirmed data breaches.
In today's blog post and infographic, we've compiled essential findings and insightful takeaways from this year's DBIR.
Nature of Attacks
The following summarizes common tactics utilized to carry out cyber-attacks against businesses in various industries:
- Phishing accounted for 32% of successful breaches, making it the number one threat action executed
- Over 50% of breaches involved hacking
- 33% of data breaches included social engineering
- 28% of cyber-attacks featured malware
Attackers Behind the Breaches
According to the Verizon DBIR, these threat actors were behind most breaches:
- Outsiders committed 69% of breaches
- Organized criminal groups were behind 39% of breaches were associated with organized crime groups
- 34% perpetrated by internal actors
Top Malware Infection Vectors
Malware is still a significant issue, and per the report, the majority of the time (94%) it is delivered via email. Top malware,
- Command and Control (C2)
- Backdoor
- Ransomware
- Spyware
- Adware
Common Types of Social Engineering
Let's shift to social engineering, an omnipresent threat action with multiple variations, and a psychological technique that hackers use to manipulate human behavior. An interesting conclusion that Verizon's DBIR draws is how mobile devices are more prone to social engineering attacks because of their design in conjunction with how users interact with them.
Below are some of the most common social engineering methods, according to the report:
- Phishing
- Pretexting
- Bribing
- Forgery
- Extortion
- Influence
- Other
- Scam
Critical Considerations to Safeguard Your Business
Assimilating the report's discoveries, the proverbial question of "What can businesses do to safeguard their assets and information?" becomes more transparent.
- Security Awareness Training should be leveraged to empower employees with knowledge and eliminate poor security hygiene. By learning cybersecurity best practices and staying ahead of emerging threats, internal actors can make more informed security decisions.
- Limit, 24x7x365 monitor and log access to sensitive business data and financial information.
- Focus on preventative, detective and remediation controls. Criminals strive to pinpoint gaps in a company's security program, making it imperative for organizations to take no chances on the issue of cybersecurity.
- Implement robust phishing reporting to identify threats in real-time and prevent incidents from occurring.
- A multidisciplinary approach is better than a siloed approach. Work with a trusted IT partner that offers a comprehensive cybersecurity solution encompassing technology, education and governance so they can tackle security concerns, and you can focus on your business.
Align's Managed IT Services team addresses sophisticated cybersecurity risks and their threats through a streamlined, multi-faceted approach. If you're considering potential solutions for your firm or would like more information, contact us here or email cyber@align.com.
