Findings point to greater insider threats targeting data

PHOENIX, April 12, 2018 – BeyondTrust, the leading cybersecurity company dedicated to preventing privilege misuse and stopping unauthorized access, announced today that the 2018 Verizon Data Breach Investigations Report (DBIR) leverages anonymous vulnerability statistics from BeyondTrust. Data was provided to help classify threats that have not been mitigated on the Internet. This data was classified by business vertical, platform, age, and vulnerability, and was created from BeyondTrust’s BeyondSaaS cloud-based vulnerability management solution based on Retina vulnerability assessment technology and hosted in Microsoft Azure.

Key findings of the report include:

  • Breaches based on External actors are on the decline (~73% this year), and threats based on Insiders are increasing (~28% this year). While the gap is still wide, the trend has been consistent for the last four years, indicating that organizations need to more seriously consider the insider threat as an attack vector.
  • Healthcare breaches increased 81%, from 296 in 2016 to 536 in 2017, with a greater insider threat than external threat. Digging deeper into the data, the report shows privilege abuse accounting for 74% of cases. This confirms that privileges are the primary method to conduct a successful attack and that the methods to get them are primarily through hacking techniques (#1 action variety in breaches).
  • Breaches related to privilege misuse in the Accommodation industry vertical jumped from 5 in last year’s report to 302 in the 2018 report, a 5,940% increase. Threat actors are following rich data to the money. As with Healthcare, the Accommodation vertical is ripe with personal information, including payment, preferences, rewards and more.

“This year’s Verizon DBIR makes it especially clear that organizations need to focus on the security basics like vulnerability management and do better with proactive measures within their control,” said Morey Haber, Chief Technology Officer, BeyondTrust. “Proactive measures such as privilege and password management and the removal of administrator rights lead to meaningful improvements in data breach protection that no one should ignore.”

Following are BeyondTrust’s top five recommendations that organizations can act on immediately to strengthen their security postures:

  1. Deploy patches for known vulnerabilities as soon as possible to mitigate the attack surface of external parties seeking to become insiders by leveraging credentials to move laterally throughout an organization. Lateral movement can lead an attacker to exfiltrate data from a file server or database, which, the report tells us, is much more damaging than owning a single user device.
  2. Deploy a password management solution that discovers every account in the environment, securely stores and manages credentials, requires an approval process for check-out, monitors activity while checked out, and rotates the credential upon check-in. Look for a workflow-based process for obtaining privileges. If requests happen during normal business hours and within acceptable parameters, set auto-approval rules to enable access without restricting admin productivity. But, if time, day, or location indicators point to something out of band, secure workflows can ensure the access is appropriate.
  3. Segment your network or implement a secure enclave to ensure all privileged accounts (employees, contractors, and third parties) do not have direct access to manage devices. This model ensures that only approved devices and restricted network paths can be used to communicate with sensitive resources.
  4. Enforce least privilege across your entire environment by removing local admin rights from end users and restricting the use of admin and root account privileges to servers in your data center. Elevating rights to applications on an exception basis and employing fine-grained policy controls once access is granted can quickly limit the lateral movement of would-be attackers.
  5. Implement multi-factor authentication. Multi-factor authentication raises the bar given the number of breaches that involve weak, stolen or default credentials. As the report says (page 28), “… passwords, regardless of length or complexity, are not sufficient on their own.” Attackers need credentials to move laterally, and multi-factor makes that movement difficult, if not unlikely. When reviewing the need for multi-factor, the only right answer is every user, every account.

About BeyondTrust

BeyondTrust is a global information security software company that helps organizations prevent cyber attacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit

For BeyondTrust:

Mike Bradshaw
Connect Marketing for BeyondTrust
P: (801) 373-7888