The 2019 Verizon Data Breach Investigation Report

The Verizon DBIR is generally known as the bible of security breach reports. It’s 78 pages of data goodness built on an analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches. We know small and medium business owners and managers don’t have a lot of time to pore over detailed reports like this one. But we also know that knowledge is power. Actionable data is crucial to putting measures in place to protect ourselves. So John Britton, head of our Rocus Networks Security Operations Center (SOC), is here to help boil the report down to the nitty-gritty. Who doesn’t appreciate the bulleted list? Here’s what SMBs need to know from the 2019 DBIR. Take it away, John.

The DBIR in 43 bullets…

43% of the breaches targeted SMBs

Tactics seen within the breaches (a single breach can involve multiple tactics, hence the percentages adding up to more than 100%)

  1. 52% hacking

  2. 33% social attacks (this is UP and is this year’s new trend)

  3. 28% malware

  4. 21% error

  5. 15% misuse of credentials

  6. 4% physical

Who, why & how

Who caused the breach:

  • 69% outsiders:

    • 39% of which were criminal groups

    • 23% nation state

  • 34% internal actors (concerningly high) – cases where a system admin was the hacker have risen almost 10% since 2017

  • 2% partners

  • 5% multiple parties

Why they did it:

  • 71% financial (FMSE – Financially motivated Social Engineering)

How they did it:

  • 32% breaches involved phishing

  • 29% involved stolen credentials

Trends

  • Social engineering is up 18% since last year, which correlates with the increase of 20% of people being targeted (versus targeting servers or desktops)

  • Top threat actions:

    1. Phishing (commonly seen in email or initiated by email*)

    2. Misuse of stolen credentials (commonly seen in email or initiated by email*)

    3. Backdoor access (installation of software)

    4. C2 (command & control – installation of software)

* email leads to loss of credentials or the email takes you to a website and you download malware

  • Exploiting a known vulnerability is up (which puts emphasis on regular patch management)

  • “…median companies received over 90% of their detected malware by email.” “…once the foothold is gained additional malware is downloaded” (This means that emails are being used to send links or files that have secondary detonations built within them)

  • Phishing click rates are down. In 2012 the average was 25%, in 2018 it went down to 2.99% (We are learning not to click on questionable links)

  • Physical hacking via ATM or pump skimmers is down but e-commerce application hacking is up

Data breaches

  • 62% of breaches involve stolen credentials, brute force or phishing

  • There are as many breaches via Business Email Compromise (BEC) resulting in loss of between $0 and the median ($24,439) as there are between the median and $100 million

  • Click rates in phishing tests by industry

    1. Education 4.93%

    2. Public sector 4.48%

    3. Professional services 3.32%

    4. Manufacturing 3.12%

    5. Information 2.33%

    6. Healthcare 2.13%

    7. Finance 2.04%

    8. Retail 1.32%

How to use this data

  • Evaluate your risk (what could happen if my data was breached?)

  • Ensure your business is protected at all possible entrance points (endpoint, email, network)

  • Train your employees to avoid erroneous clicking on emails or attachments or improperly sharing user names and passwords

  • Require dual factor authentication (yes, receiving and entering a passcode takes more time, but it’s the right thing to do)

  • Have a plan in place if a data breach occurs

There it is! Want more details? Get the 2019 DBIR detailed report and executive summary here.
