Small business, top executives and finance industry under cyber attack

In a landscape where data breaches and cyber-attacks are rife, no business can afford to take their security measures lightly. With Notifiable Data Breach laws being as they are, not only do you need to worry about the immediate financial losses you may suffer, but the reputational damage could potentially destroy your business.

A recent report by Verizon looks at the cybersecurity attacks and compliance issues facing organisations today, and offers some guidance on how to mitigate them. Verizon's report is one of the most respected and authoritative annual cybersecurity publications. This report presents an in-depth analysis of 157,525 incidents, of which 32,002 met the Verizon quality standard, including 3,950 breaches.

For this update we will focus on only a few key points, but if you're interested in learning more, please download the 2020 DBIR Report.

Key takeaways from the APAC region

  • 63% of breaches are financially motivated
  • 30% of hacking attacks used stolen credentials or exploited vulnerabilities against web applications
  • Social engineering attacks accounted for 29% of incidents
  • 15% of breaches involved internal errors

Globally

  • 58% of victims had personal data compromised
  • 72% of breaches targeted large business, and 28% targeted small business
  • 70% of breaches occurred from external parties with the remaining 30% being internal
  • Organised criminals accounted for 55% of all breaches
  • 45% of breaches involved actual hacking
  • Errors such as misconfiguration caused 22% of breaches, as did social engineering attacks
  • 17% involved malware

Myths

Many believe that shady internal actors are the cause of the bulk of breaches, but the truth is that it is external parties, and always has been.

And while espionage sounds exciting and produces great click-bait and headlines, the fact of the matter is that it is the reason behind only 10% of attacks. It's no big surprise that financial gain is the key motive, coming in at 86% globally.

The Methods

The most successful methods of attack are errors, credential theft, and social attacks such as phishing scams. They work, so it makes sense that these are the preferred "tools" used by attackers. This is where the bulk of your efforts should be focused when preparing your security plan. Ensure applications are configured correctly, and train staff to know how to recognise phishing emails.

Ransomware (where your data is held at ransom, usually for money) accounts for 27% of malware incidents. 18% of organisations have blocked at least one piece of ransomware, so this cannot be ignored.

As we move to more cloud-based services, it's no surprise we see attackers following businesses there. 43% of breaches involved web apps; over double last year. 80% of these attacks were carried out using either stolen credentials, or brute-force (continually trying credentials until they eventually get it right). 20% of attacks came via vulnerabilities in applications.

881 breaches (over double from last year) came from people simply making mistakes. The increase is likely due to the increasingly strict reporting requirements, but the fact is people are not perfect. Emailing personal data to the wrong person is a simple mistake to make, but the costs could potentially be crippling.

The Good News

Security tools are getting better! In 2016, just shy of 50% of breaches were trojan-style malware. This year, we're down to 6.5% thanks to improved tools and detection.

While 20% of attacks came via vulnerabilities, only 5% successfully breached. This is due to companies maintaining good patching habits, which sees those gaps quickly filled.

The Wrap

The report goes into further details based on different industries, and we would encourage you to look into your own industry should it appear. This really is a topic that Sentrian take very seriously, and security has always been our top priority not only internally, but for the services we offer our clients.

Should you wish to discuss your security measures further, please get in touch with your Client Services Manager.
