Every year, Verizon publishes the Verizon Data Breach Investigations Report (DBIR), a study of data breaches that have happened around the world. It is a very important study for both cybersecurity professionals and company executives, as a lot of insight regarding data breaches can be gleaned from the report.
By analyzing the DBIR, we can learn a lot about the nature of data breaches such as how they are performed, who they target the most, what kind of damage they can cause, and so much more. This year’s DBIR is particularly fascinating with a lot of interesting data to go over.
However, the report itself is rather dense and can be difficult to understand for those not in the cybersecurity field. That is why we have put together a summary outlining the most important takeaways from the report so that you can learn how to best protect your business.
The Most Targeted Industries
According to Verizon’s report, the sector with the highest number of incidents is public administration with 23,399 total incidents and 330 confirmed data breaches. This isn’t too surprising considering the large amount of cyber-espionage and state-sponsored insider threats that are all too common in the public sector, but it is still concerning.
The next highest industry in the list of incidents is the information field with 1,094 incidents and 155 data breaches. Even if a company isn’t in one of the industries with the highest number of incidents, it doesn’t mean that they’re safe from data breaches. Even the industry lowest on the list, accommodation and food services, still had 87 incidents in total. And when each incident has the potential to cost a company millions of dollars (averaging $1.6 million), 87 is still a very large number.
Just as some industries are targeted more often by hackers than others, some employees within an individual organization are targeted more often than others.
Unsurprisingly, C-level executives are at the top of the list of who hackers target most often, and they are twelve times more likely to be targets than they have been in the past. This shows that hackers are not only prioritizing them above other employees but are also succeeding more often than before.
Interestingly, Human Resources personnel have started to move down somewhat on hackers’ priority lists, being targeted six times less often than they were last year.
Those Doing the Attacking
While 69 percent of attacks were performed by an outside attacker, 34 percent involved people within the organization itself. This is an increase of 6 percent over last year, which means insider threats are becoming more commonplace.
However, not every insider takes part willingly. Verizon’s report lists these as incidents that “involved internal actors,” which also includes those who were tricked into doing a hacker’s bidding through phishing attempts. This makes protecting your organization against phishing attacks all the more important, and it will no doubt continue to become more important as time goes on and hackers use more sophisticated phishing methods.
How the Attacks Are Carried Out
The change in attacker tactics between last year’s report and this one is fascinating. Not only did the number of data breaches involving social attacks go up, but those caused by error and privilege misuse have gone up as well.
While the report lists the percentage of data breaches that involved phishing at 32 percent, this doesn’t tell the full story. Phishing is often used in tandem with other forms of attack that are more directly involved in the data breach, such as using phishing to get an employee to download malware that is then used to steal company data. In fact, according to the report, more than half of all malware is delivered via email, which must involve phishing in order to infect the target.
With that said, even if the percentage in the report obscures some of the details, phishing still ranks as the number one most common method used in data breaches. Phishing played a key role in 91% of attacks. This means phishing attacks are more common and more dangerous than ever before.
What You Can Do
Because phishing attacks are the most common method used by hackers to gain access to an organization’s data, this is where your security efforts should be focused.
Training employees and educating them about phishing attacks is one good way to decrease the odds of your organization falling prey to such an attack. However, this isn’t always the most reliable method of stopping phishing attacks, and if you want to be as protected as possible, you will need to implement anti-phishing software throughout your organization.
Having software that can detect phishing attacks before they’re able to cause a problem will help even when an employee trained in security fails to detect a phishing attempt. This means you take the human factor out of the equation and can be sure that your company is safe from phishing attacks.
This is where Cloudphish can help save you from the disaster of experiencing a data breach by keeping your employees safe from phishing attacks. With Cloudphish, you won’t have to hope that your employees will be able to detect a phishing attempt on their own because the software does all the work for them, saving you from both the hassle and the cost of a potential data breach.