2019 Verizon Breach Report – A first look
In our past blogs, we focused on where to seek information and highlighted a recently released report containing useful and valuable information. We also mentioned the Horizon Scan Report (2019) by BCI.
Today we will give an overview of the 2019 Verizon Breach Report.
Where to start, 2019… another year and another Verizon Data Breach Investigations Report (DBIR). The report is always eagerly anticipated in the hope we’ll discover we’ve learnt something over the past twelve months and that organisations have finally started to take data breaches seriously by implementing the necessary safeguards. Sadly, this year is no different. While there may have been a shift in the types of breaches occurring, with POS (card-present) and ATM skimming breaches both decreasing and attacks on e-commerce applications increasing, the number is still staggering.
Broadly speaking, there were a few new insights, but no major surprises in this year’s edition. Organisations are still failing to implement the basic security safeguards and are falling victim to the same attacks. Yet again, the success of a breach was dependent on the ‘time to compromise’, which is typically a few minutes, as opposed to the breach discovery time, which can extend to months. To thwart or minimise the effects of a breach, or even the chance of being breached, organisations need to analyse and understand the data being stored, implement the necessary controls to protect the systems containing the data and/or the data itself and, finally, implement controls to prevent data from being exfiltrated in the event an intrusion has occurred.
According to the report, nearly 29% of breaches last year used stolen credentials. All successful attacks require privileged credentials to accomplish their goals; these credentials are used for installing malware or key loggers, stealing data or disabling systems. One factor exacerbating a successful breach using this method is password sharing, which is still prevalent in many organisations. One stolen shared credential allows an attacker to move throughout the network, searching for information. Compounding this is the fact that many organisations don’t regularly change their credentials, allowing attackers to remain within an environment for extended periods. For this reason, stolen credentials are the second most common threat action cited in the DBIR. Unsurprisingly, ‘phishing’, which we’ve all been familiar with for the past few years, is the top threat action for 2019. These two threat actions are inextricably linked. The 2019 DBIR highlighted company executives as being particularly susceptible to phishing, revealing that the C-suite are 12 times more likely to be the victims of a ‘social incident’ than in previous years.