Verizon’s 2018 DBIR
Verizon recently released its 11th edition of its Data Breach Investigations Report (DBIR). Worldwide, malware incidents declined in 2017. The volume is still significant and attacks are lucrative for cyber-criminals. The report identified 53,308 security incidents and 2,216 data breaches in 65 countries. The most common form of malware was ransomware in 2017. Ransomware attackers are targeting file servers and databases more frequently now.
They are relying less on attacks of specific computers. Some key facts include:
76% of breaches were financially motivated
Most attacks are opportunistic and target the unprepared
73% of security incidents were caused by outsiders. 50% were caused by organized criminal groups and nation-states caused 12%.
27% of security incidents were caused by insiders
Either attackers have shifted targets or certain industries have increased their security measures. The industries that saw a decline in cyberattacks include financial, information, and manufacturing. A number of sectors unfortunately saw an increase in attacks in 2018, including education, accommodation, health care, professional and pubic.
Sadly, of all the breaches, 68% took months or longer to discover. According to the report, the discovery were not always made by the diligence of the company. Often the attack was discovered by law enforcement, a partner, or a customer.
What you can do If you are in one of the industries where attack volume is on the rise, you might need to increase your security measures. You might also need to be more diligent in looking for incidents. A strong monitoring practice as well and leveraging cyber specialists to perform penetration testing are valuable security measures.
Employees should be front line defense to help manage the risk. Basic security measures needed continue to be prompt patching, encryption of sensitive data and vigilance.
One trend the cyber security industry continues to see is every company, in any industry, might be vulnerable to a cyber attack. Increased security measures is necessary for all businesses.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.