Organized crime organizations are behind 62% of external actor-based breaches.
System admins are the top internal actors responsible for breaches 25.9% of the time.
76% of breaches are financially motivated, and 68% took months or longer to discover.
58% of security breach victims are small businesses, the largest segment overall.
Healthcare, Accommodation, Public Administration, Retail, and Finance are the top five industries experience the most breaches today.
Cyber-Espionage and the stealing of valuable intellectual property drive 47% of all manufacturing IT breaches.
These and many other fascinating insights are from the 11th edition of Verizon’s 2018 Data Breach Investigations Report. The report is available for download here (PDF, 68 pp., no opt-in). Verizon has taken a rigorous data-driven approach to analyzing security breaches and incidents, providing insights not available in any other research study on security. The depth of analysis and insights gained to make this report noteworthy for anyone interested in Zero Trust Security (ZTS), Next-Gen Access and enterprise IT security. The study confirms the widely-held belief that using stolen or compromised credentials are the most common approach hackers use to attack and breach systems
Verizon finds there has been over 53,000 incidents and 2,216 confirmed data breaches this year. They define a breach as an incident that results in a confirmed disclosure of data by an unauthorized actor, while incidents are a security event that compromises the integrity, confidentiality or availability of an information asset. Please see page 60 of the study for a complete definition of the methodology.
Key takeaways from the study include the following:
Organized crime organizations complete 62% of external actor-based breaches, and system admins are the top internal actors responsible for breaches 25.9% of the time. Organized crime and state-affiliated actors are responsible for 6% of external breaches. Internally-based actors responsible for breaches are more distributed, with end users responsible for 22.3%, doctors or nurses initiating 11.5%, and developers, 5% of internal breaches. The following graphic provides the distribution of top external and internal actor varieties in breaches.
Databases are the top assets involved in breaches (19.6%), followed by POS terminals (15.8%), POS controllers (15.8%), and Web Apps (13.7%). Verizon’s analysis refle
cts the wide variety of assets involved in breaches, ranging from desktop systems (12.8%) to digital documents (11.3%) and mail servers (6%). The wide variety of assets involved in breaches underscores how important it is to implement a Zero Trust Security (ZTS) approach across an enterprise and each of its endpoints. Leaders in ZTS include Centrify, a leader in Next-Gen Access solutions, Palo Alto Networks for firewalls, and NetFoundry & Symantec for cloud access security and policy orchestration.
Phishing and pretexting represent 93% of social attack-based breaches. Email continues to be the most common vector (96%) for launching social attacks, with 99% of the actors being external to organizations. 59% of phishing and pretexting attacks are motivated by financial gain, with an additional 38% motivated by corporate espionage (multiple responses were allowed in the survey and please see the results for additional details). Verizon found that motives for phishing attacks alone are divided between the opportunity for financial gain (59%) and espionage (41%). The study makes a great point that phishing is relied on as the lead action or strategy of a more expanded attack that is followed by malware installation and further actions to attain greater exfiltration of data. The study found that 78% of people didn’t click a single phish all year, highlighting the effectiveness of internal firewalls and ongoing security training. Social breaches are gaining access to personal data the majority of the time (47.2%) followed by proprietary company IP or secrets (25.9%), and credentials (16.8%) which are used to launch compromised credential attacks.
Healthcare, Accommodation, Public Administration, Retail, and Finance are the top five industries that experience the most breaches today. Breaches in the Accommodation industry initiated by POS attacks, hacking and malware dominate the study’s findings with Healthcare leading all industries in compromised credential checks. Analyzing breaches by the incident classification patterns provides fascinating insights into how breaches are planned and executed. In the last ten years over 90% of data, breaches continue to align with the original nine patterns. The following heat map compares incidents and breaches by incident patterns, actions, and assets.
Verizon’s 2018 Data Breach Investigations Report reveals a daunting threatscape where untrusted internal and external actors are orchestrating multiple actions to breach internal systems for a wide variety of motives, with financial gain being just one. The heat map shown above amplifies why Zero Trust Security (ZTS) is so essential for all organizations today, especially small businesses, who are targets of breaches 58% of the time. ZTS starts with Next-Gen Access, which enables organizations to verify users, validate devices, limit access & privilege, and learn and adapt to every user’s access attempt at every endpoint across their internal and external networks.