Workload and Application Security Blog

The 2019 Verizon Data Breach Investigations Report Is Out – Shows Major Perimeter Weaknesses for Enterprises

Written by Virsec | May 14, 2019 2:34:22 AM

Brilliance Security Magazine, Payments Next & Solutions Review, May 8, 2019, with comments by Satya Gupta

Report reveals C-suite executives are hacker targets 12 times more often than average employees  

Verizon’s Data Breach Investigations Report (DBIR) shows several areas of perimeter weakness, some critical. One such critical weakness concerns high-level executives, who are targeted by hackers 12 times more than average employees and are victims of social breaches 9 times more often. These C-suite attack numbers shine a light on areas enterprises must address in their perimeter and endpoint security.

DBIR report includes data from 73 global organizations

The DBIR is a comprehensive annual report. This year, its 80 pages of analysis are based on data breach information from 73 contributing organizations, both public and private, across 86 countries. Analysts reviewed 41,686 total security incidents, of which 2,013 were confirmed data breaches.

Verizon said the majority of targeted breach victims break out as follows:

  • 43% small business
  • 16% public sector
  • 15% healthcare
  • 10% financial industry

The attacks covered a wide range of events; some data points are below:

  • 52% hacking
  • 33% social media attacks
  • 71% of attacks were financially motivated
  • 25% of attacks identified as espionage
  • 69% of data breaches conducted by outsiders
  • 34% of data breaches involved insiders
  • 39% of events involved organized criminal groups
  • 23% of attacks identified as involving “nation-states”

Additional key data breach and malware findings from the DBIR report:

  • Ransomware constitutes almost 24% of security incidents. Verizon believes its frequency contributes to a lack of media attention.
  • Cryptocurrency mining malware accounts for only 2% of cybersecurity incidents. This kind of attack did not rank in the top 10 malware varieties.
  • External threat actors contribute 69% of all breaches.
  • Insider threats contribute 34% of breaches.
  • Web-based email compromises using stolen credentials appear in 60% of web application attacks.
  • Attacks on Human Resources personnel have decreased 6x from last year; W-2 tax form scams are nearly non-existent in the DBIR.
  • Chip and PIN technology is paying off: fewer terminal compromises are seen with payment cards compared to web applications being compromised.
    -- The flip side of this, noted in the report: payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches.
  • The majority of breaches (69%) come from external threat actors, with 34% coming from insiders.

Comments from Satya Gupta on DBIR report

Satya Gupta, CTO and Co-founder of Virsec, shared the insights below with the publications noted above.

On Targeted Attacks

“The latest Verizon DBIR highlights that cyberattacks are becoming much more targeted and dangerous. They noted a huge increase in C-level executives being individually targeted. The same trend is happening with specific network tools and industrial equipment. Attackers are prolific at scanning networks and finding specific types of vulnerable equipment, then targeting them with specific malware designed for these devices.”

On Targeting Servers

“The vast majority of security tools focus on user endpoints – laptops, desktops, mobile. But 80-90% of current incidents involve corporate servers, whether on-premises or in the cloud. Analysts like Gartner are stressing that user endpoint security tools are not effective protecting servers or cloud workloads – in fact, they are dangerous because they provide a false sense of security. Server-side security requires much more attention.”

On Dwell Time

“There continues to be a temporal disconnect between the time frame for attacks versus response. The report points out that attack chains act within minutes while the time to discovery is more likely to be months. This gap must be tightened and security tools need to focus on real-time attack detection if we are to have any chance to curtail these breaches.”

 

Read the full Brilliance Security Magazine article: Verizon 2019 Data Breach Investigations Report – Reactions.

Read the full PaymentsNext article: Insights from Verizon’s 2019 Data Breach Report.

Read the full Solutions Review article: Major Data Breach Report Reveals Key Perimeter Weaknesses.
