In this paper, I will explore the past few years of Verizon’s Data Breach Investigation Reports, highlighting emerging trends in the world of cyberattacks and data breaches. Of these reoccurring events, I will discuss the continued growth of social engineering attacks, miscellaneous errors, ransomware, cyber-espionage, and the dangers of improper email usage. Then, I will explain why researching trends in cybersecurity is vital to the continued operation of an organization and why these specific trends hold significant value in the coming years. Finally, I will summarize why the patterns I have chosen occur and how to avoid them.
Data Breach Investigations Report is the 9th edition of the collection of data breaches and information security incidents from the previous year; its data is a summary of over 100,000 events that have occurred in the hope that one will be able to properly manage their information security so that these attacks will not happen to them as well (Verizon, 2016). Data breach information is vital as no security system can entirely prevent these incidents (a security event that affects the integrity and availability of an information asset) and breaches (an incident that creates disclosure and exposure of data to one who isn’t authorized to access it). With this information, you will be one step ahead of the individuals who pose these threats.
In 2016, we saw cybercriminals continuing to exploit human nature as they rely on attacks such as phishing and ransomware. Phishing (when users are sent an email from a fraudulent source) is on the rise as the percentage of users who open these emails rose from 23% to 30%. Ransomware attacks increased as well, with an added 16% from the previous year. Per the report, 89% of all attacks involve espionage or financial motives. It is quite shocking that most of these attacks use known vulnerabilities that never have been patched even though these patches exist. The top ten known vulnerabilities accounted for 85% of the total number of exploits. What is even more shocking is the number of data breaches that involved using stolen or weak passwords. A total of 63% of data breaches were recorded using this easily prevented method (Verizon, 2016).
Also, per the report, miscellaneous errors are at the top of the list for security incidents; these events occur when there is improper disposal of information, incorrect configuration of IT systems, as well as lost and stolen items such as laptops. 26% of these errors came from sending data to the wrong person. What does this information say about the trend of cyber-attacks? It all has less to do with the actual programs and technology and more about human error. The time it takes these cybercriminals to compromise or hack into systems or data is also very alarming. In 93% of the cases reported, it took attackers less than a minute to compromise the affected systems; if this doesn’t motivate your organization to strengthen security, I’m not sure what will (Verizon, 2016).
In the 2017 Verizon Data Breach Investigations Report, the trends identified in the 2016 document held true. 43% of the events were social attacks, including cyber-espionage and web application attacks. By merely influencing or holding leverage over an individual utilizing various forms of social engineering, intruders could bypass many of the security protocols set in place. Phishing was again the top variant, being involved with 90% of both breaches and incidents. When it comes to miscellaneous errors in 2017, there were over 2,478 incidents of misdelivery, disposal, publishing, and misconfiguration errors. Cyber-espionage continued to be a problem, with targeted phishing campaigns at the top; educational organizations were impacted much more than in 2016 (Verizon, 2017).
In 2018, we saw the trends between 2016 and 2017 continue to make their appearance. Phishing and pretexting represented a surprising 98% of social incidents; the top industry for these breaches was the public sector. In 2018, over 73% of breaches were perpetrated by outsiders, and 48% featured hacking. Ransomware continues to make its tragic incline of incidents, ranging from around 0% in 2013 to over 40% in 2017 (Verizon, 2018). In 2019, cyber-espionage related breaches increased from 13% in 2017 to 23% in 2018, which should place some fear into the hearts of many businesses. A surprising 90% of malware arrived via email, showcasing the dangers of improper policies and employee training (Verizon, 2018).
What can one do to increase their defenses against these threats? First, by reading reports such as Verizon’s Data Breach Investigations, one can know what attack patterns are the most common for your industry. Implementing a two-factor authentication on all computers, systems, and applications is another method you can decrease the risk of a successful attack. Patches and updates are an easily forgotten way to intensify your defenses as well and should always be implemented. Above all, as pretty much every data breach report over the past few years states, human error is one of the most significant areas of weaknesses. Proper training for your staff in various approaches to protect against malicious attacks is vital in today’s modern society.
Overall, these reports were very illuminating and I learned a lot about both past and present data breaches and security incidents; however, the results were pretty much what I suspected. Miscellaneous errors, insider use, privilege abuse, as well as physical theft and loss, are all areas in which humans impact organizational information security. The lesson to be learned here is that no locale, organization, or industry is safe from attackers. Understanding these patterns and events can help one prioritize resources and personnel to set up a cost-effective and successful defense system to combat a large number of cybercriminals in the world today; using this information to your advantage will help prevent problems down the road and should be studied in detail.
Verizon. (2016). 2016 Data Breach Investigations Report. Retrieved from https://content.bellevue.edu/cst/cis/608/cd/docs/rp_DBIR_2016_Report_en_xg.pdf.
Verizon. (2017). 2017 Data Breach Investigations Report. Retrieved from https://content.bellevue.edu/cst/cis/608/cd/docs/rp_DBIR_2017_Report_en_xg.pdf.
Verizon. (2018). 2018 Data Breach Investigations Report. Retrieved from https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf.
Verizon. (2018). 2018 Data Breach Investigations Report. Retrieved from https://enterprise.verizon.com/resources/reports/dbir/.