You always have a better chance when you know your enemies’ tactics, right? The annual Verizon Data Breach Report is widely recognized for highlighting the security threats that businesses face today.
This year, the company again collected real-world data from almost 42,000 security incidents and 2,000 data breaches to produce the 12th edition of the report and reveal some eye-opening insights. Data for the report was provided by 73 public and private organizations (66 of them external to Verizon) from over 86 countries.
Let us take a look at some of the major takeaways from the Verizon Data Breach report and try to understand how the targets and tactics adopted by cybercriminals have evolved over the years.
Small Businesses Are The No. 1 Victims Of Hackers, Healthcare And Public Entities Next
When it comes to data breach victims, small businesses top the list: they were the most attacked sector, with 43% of the data breaches targeting them. Healthcare and public sector organizations were also highly vulnerable and accounted for 16% and 15% of the total data breaches respectively.
C-level Executives Are The Primary Targets Of Social Engineering Attacks
Business leaders appear to be the principal targets of social attacks, as they were 12 times more likely to face social incidents and 9 times more likely to be the victims of social breaches. Compared with last year’s report, the financial social engineering attacks that compromised top executives also multiplied this year.
Cloud Based Breaches Become More Prominent Than Ever
Cloud-based platforms have their own functional benefits, but they also carry certain risks. As more and more companies move to cloud-based solutions, their valuable datasets also migrate to platforms where criminals are constantly looking for opportunities to locate and steal crucial information.
This year’s report confirms this concern, revealing a considerable increase in cloud-based email-server hacking, phishing attacks, and credential theft.
Hacking And Social Attacks Lead The Game
According to the report, almost 52% of the data breaches involved hacking, while 33% of the incidents were categorized under social attacks. Interestingly, the number of social attacks has increased by 18% during the last five years. A significant number of breaches also involved malware and authority misuse.
Ransomware Attacks Are Still On The Frontlines
Ransomware continues to be a significant threat to the cybersecurity landscape. Verizon’s DBIR states that ransomware was involved in almost 24% of the attacks that featured the use of malware. Surprisingly, 94% of the attacks used email as their delivery platform. However, other hyped cyberthreats like crypto mining were found to be far less frequent and featured in only 2% of the cyber incidents.
The Breaches Still Take A Long Time To Get Discovered
It is always essential to determine the time of discovery of a cyber attack so that its impact can be minimized as early as possible. Although it depends on the type of attack in question, a majority of the data breaches (around 56%) took months to be discovered and met with defensive or precautionary action. Adding to the disappointing figures, public sector data breaches were 2.5 times more likely to go unnoticed for years.
State Sponsored Attacks Increase
The report also revealed that state-affiliated groups played a major role in compromising the data of organizations all over the globe. Around 23% of the recorded incidents involved a state-sponsored group, and in cases where only external parties were involved, state-affiliated actors accounted for 79% of the breaches.
Mobile Users More Susceptible To Phishing
The way we interact with our smartphones makes it really easy for hackers to lure us into their fraudulent traps. The report also highlighted that, due to compact designs and software constraints, mobile users tend to pay less attention to incoming requests and emails and become more vulnerable to socially engineered attacks.
Healthcare Compromised By Internal Actors, Education Plagued By Social Engineering Attacks
Almost 59% of the healthcare data breaches featured internal actors, and as a result the personal and medical information of numerous patients was compromised. Inadequately secured email credentials, social engineering attacks and Denial of Service (DoS) attacks caused serious damage to the education sector this year. Most of these attacks involved internal players (45%) and were financially motivated (80%).
Financial Gain And Espionage Continue To Be The Biggest Drivers
Financial gain was the principal motivation behind 71% of all the data breach incidents recorded last year. On the other hand, cyber espionage was especially prominent in the public sector and was the prime motive in almost 70% of the attacks.
Due to the dynamic nature of cyber attacks and data breaches, crucial information belonging to businesses and their customers is constantly at stake. However, acquiring up-to-date knowledge about such threats and vulnerabilities through insights like these may help organizations minimize such events. Consequently, business leaders may recognize their organization’s shortcomings and adopt appropriate strategies to mitigate them.