Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how sending data to incorrect recipients is still an issue for many organizations, for instance, and how financial gain remains the most common motive for data breaches.

On the other hand, the analysis reveals how the digital threat landscape is always changing. This year’s report embodies such dynamism by adding a new subset of data related to financial attacks as well as by uncovering a reduction in card-present breaches involving point-of-sale (POS) environments and card skimming operations. We’ll examine those developments below.

Introducing FMSE

For the 2019 DBIR, Verizon Enterprise’s researchers analyzed 41,686 security incidents, 2,013 of which were confirmed data breaches. This examination uncovered 370 financially motivated incidents that in 248 cases produced either a data breach or fraudulent action. Primarily featuring web application attacks, these events featured social actions, including financially motivated phishing and pretexting, but they did not include the installation of malware or employee misuse.

To properly account for these attacks, Verizon Enterprise created a new subset of data called financially-motivated social engineering (FMSE). These operations, which are also included in the report’s main corpus, focused primarily on credential theft and tricking people into transferring money into fraudulent accounts. Such FMSE incidents affected all industries, but they disproportionately targeted Professional Services, Healthcare and Finance organizations.

The Decline of Card-Present Breaches

One of the most significant changes which Verizon Enterprise uncovered in its 2019 DBIR was the reduction of card-present breaches involving POS environments and card-skimming operations. Digital criminals instead shifted (Read more...)