Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Digesting the Verizon Data Breach Investigations Report 2017

October 20, 2017

  • Blog
  • Archive

The much anticipated 2017 Data Breach Investigations Report from Verizon was launched this week and once again it highlights some interesting and concerning security trends.

This is the tenth year the Verizon Data Breach Investigations Report (DBIR) has delved into the world of cyber security as it pulls together a comprehensive picture of cyber crime today.

So, what does this year’s DBIR tell us?

Unmasking the culprits

Of the 65 organizations Verizon surveyed, around 75% of breaches were perpetrated by outsiders or organized criminal groups (51%). However, the enemy within also can’t be ignored. Verizon found that 25% of breaches resulted from internal actors, malicious or otherwise. In 60% of these cases, insiders absconded with data in the hope of converting it into financial gain in the future.

Who is affected?

Financial organizations remained the main target for cyber crime. 24% of breaches affected the financial services sector. Elsewhere healthcare and retail both ranked towards the top of the hackers hit list, representing 15% of breaches each.

Means and methods

Verizon found the overwhelming majority of hacking-related cases related to stolen or weak passwords and over half of breaches (51%) included some form of malware. One of the standout statistics in this area was that 43% of breaches originated via social media, underlining how social engineering has become an effective weapon in the cyber criminal’s arsenal.

7.3% of users across multiple data contributors were successfully phished – whether via a link or email attachment. In a typical company with over 30 employees, around 15% of users who fell victim once also took the bait a second time.

What else do we know?

This year’s DBIR also uncovered how email attachments are proving a fruitful tactic. 66% of malware was installed via malicious attachments.

Key learnings

From my own experience, and when we analyze many of today’s data breaches we often find a common pattern, or we can point to a common set of mistakes. Though the approach cyber criminals are taking is diversifying and becoming more sophisticated, the overall strategies remain unchanged. In fact, Verizon found that 88% of breaches in this year’s report fall into nine patterns it first identified back in 2014.

Unfortunately, many organizations are still failing to take appropriate action to address the gaps in their defenses. There remains a certain level of apathy which seems to be harder to eradicate than we’d like, as Verizon themselves identify, “No one thinks it’s going to be them. Until it is”.

We need to change that mentality, we need to move away from reacting to data breaches to proactively defending against them with the right mix of technologies that are fit for purpose, not outdated AV or firewalls. No matter what size your business, if you don’t have solid security foundations in place it will collapse.

You can learn more about how Defendpoint can proactively secure your business and defend against data breaches by visiting https://www.avecto.com/defendpoint or get in touch with one of our tech consultants for a software demo.

Andrew Avanessian

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.