Dive Brief:
- Verizon released its annual Data Breach Digest on Tuesday, an incident report that looks at cyberattack trends in both the commercial and government sectors. In 2015, the Verizon RISK Team was retained to investigate more than 500 cybersecurity incidents in 40 countries, according to the report.
- Among other things, the report found that most cyberattacks share common traits, such as weak password protection, human error, malware and device hacking.
- Just 12 scenarios represented more than 60% of the Verizon RISK Team's investigations.
Dive Insight:
The report found that human error is still a common source of breaches. In the last three years, Verizon found human error responsible for almost 30% of data breaches. The top three tactics were phishing (72%), pretexting (16%) and bribery/solicitation (10%).
Verizon also found that devices play a significant role in data breaches as "assets targeted either for the data they store/process or because of their accessibility to the outside world."
Among devices, POS intrusions and payment card skimmers accounted for 40% of the data breaches Verizon investigated.
The report also found that 80% of data breaches involve exploitation of stolen, weak, default or easily guessable passwords.
Malware was another common thread. More than 50% of confirmed data breaches over the past three years featured malware somewhere along the attack chain, according to Verizon. "Whether malware is introduced as the very first event or used post-compromise to advance the attack (or both), it is expected to be an integral part of any sophisticated data breach," according to the report.
Data breaches involving malware also featured hacking actions 80% of the time and social actions 44% of the time.
Verizon recommended businesses help protect themselves from data breaches by creating a plan based on people, processes and technology, and then testing and reassessing the plan often.