The Verizon Data Breach Investigations Report 2019 is now publicly available to download or read online.
It’s the 12th edition, and not surprisingly, it reveals that cyber criminals are still successfully using their hacking techniques—many of which are very common—and that we have failed to stop them. However, we are getting better at stopping them.
MORE THAN 40K SECURITY INCIDENTS, AND OVER 2K CONFIRMED BREACHES
Based on an analysis of more than 40,000 security incidents (including 2,013 confirmed data breaches,) the Verizon Data Breach Investigations Report reveals that cyber crime has a far-reaching impact and leads to increased costs for businesses globally. While this number is lower than last year’s 53K analyzed incidents, the actual cost of cybersecurity is getting greater each year.
The world has witnessed an overall increase in cyber attacks, data breaches, data leaks and espionage. This year’s World Economic Forum Report lists cyber threats as the fourth greatest risk to world economies, behind climate change and natural disasters. Governments are taking cybersecurity seriously, increasing spending on both defensive and offensive countermeasures to combat the problem.
CYBER CRIMINALS STILL USE THE MOST COMMON TECHNIQUES BECAUSE THEY’RE AFFORDABLE AND EFFECTIVE
The Verizon DBIR helps cybersecurity professionals determine where we are failing to prevent cyber threats and where we must focus our future efforts as we work to improve security.
The most successful attacks occur in 5 steps or less
This year the report confirms that cyber criminals are successfully hacking into companies and governments around the world in less than 5 steps. They are also very cost sensitive, using the most common techniques and the cheapest methods to exploit our security.
WE MUST REJECT COMPLEXITY AND FIND A BALANCE BETWEEN PEOPLE AND TECHNOLOGY
A clear indicator in the Verizon DBIR is that cybersecurity is about finding the right balance between humans and technology. Many of the incidents and breaches confirm that cyber criminals use hacking techniques that exploit vulnerabilities in both applications and humans. Technology alone can’t protect your identity or sensitive data.
Cyber criminals and other threat actors target people, seeking ways to manipulate them into giving up sensitive information unknowingly. They do this because it’s the easiest way to get at valuable data using a technique known as social engineering. It’s not surprising that people are the weakest link in the cybersecurity chain, and yet also the best hope for preventing a cybersecurity disaster.
There is much complexity in the cybersecurity industry, and it is crucial that we make technology simpler and easier to use if we want people to adopt the solutions we offer. We must get the balance between people and technology right. The future of cybersecurity lies in making it simple.
Below are my key takeaways from this year’s report
WHO ARE THE CYBER VICTIMS?
No victim is too big or too small. Everyone is a cyber attack target and it is only a matter of time before you become a victim. Sometimes you might be a direct target, other times a secondary victim as part of a supply chain, or simply just a target of opportunity. If you are in the public sector you are more likely to be the target of a cyber attack. 16% of breaches hit the public sector with local governments, council and cities all incurring major financial costs from ransomware. 15% of breaches hit the healthcare industry as medical records are a desirable target, followed by 10% hitting the financial industry as financial gain continues to be the top motive for cyber attacks.
Top industries hit by breaches:
- 16% were breaches of public sector entities
- 15% were breaches involving healthcare organizations
- 10% were breaches of the financial industry
43% of the victims were small businesses which means that any size organization can be a target.
All organizations large or small must have an Incident Response Plan in place to ensure they can recover from a cyber-attack.
WHO ARE THE THREAT ACTORS BEHIND CYBER ATTACKS AND DATA BREACHES?
Attribution is probably the most difficult task in cyber crime. Challenges include misdirection and a lack of digital footprints to help lead to the cyber criminals who are often located in another country and living under different laws. It is interesting to see the report’s findings on attribution:
- 69% are perpetrated by outsiders
- 34% involved internal actors
Not much changed in the trends between threat actors. Though it’s a surprise that botnets are not included as they typically represent threat actors using automation to assist with finding the attack path that will be the most successful entry point.
Organized criminal groups were behind 39% of breaches. This demonstrates that cyber crime is a lucrative business for criminals, and they are more likely to get away with the crime now than ever before.
Actors that identified as a nation state or state-affiliated were involved in 23% of breaches
Attacks perpetrated by cyber mercenaries are increasing as they continue to carry out both nation state cyber attacks and financially motivated attacks. If they do not target their own country their governments turns a blind eye, particularly in cases where they assist the government in gaining some type political or economic advantage. This makes it difficult to know for sure whether the cyber crime group was acting alone or under the influence of a nation state.
WHAT ARE THE MOTIVES?
When performing digital forensics, I look for the motive for the cyber attack. It is always important to understand why the cyber attack occurred in the first place. You will usually find that it is financially motivated, so following the money trail is part of any investigation. If you struggle to find a financial motive, then you follow the techniques used to determine who has the capabilities.
- 71% of breaches were financially motivated
- 25% of breaches were motivated by gaining some type of strategic advantage (espionage)
Espionage is on the increase and more nation states are using cyber now as both a political and economic tool to gain advantage over other nation states.
Another trending breach type is opportunistic criminals attacking and compromising numerous victims.
Surprisingly, organized crime has dropped over the past few years while crimes driven by System Administrators and nation state actors have increased. This is typically an indication that internal employees are walking out the door with sensitive corporate data (to benefit their future career and competitive advantage,) or that systems are poorly configured.
WHAT HACKING TECHNIQUES ARE BEING USED?
It is critically important that organizations know how cyber criminals target their victims. Knowing how cyber criminals subvert security systems and gain access to systems containing sensitive information helps organizations understand how they could become a target, and what they can do to reduce the risk and make it more challenging for attackers. I continually advise organizations to educate their teams on the latest hacking techniques as they can better understand where their business risks are and what they can do to reduce those risks.
- 32% of breaches involved phishing
- 29% of breaches involved use of stolen credentials
- 56% of breaches took months or longer to discover
Social Engineering is on the rise and people are the target
Password reuse is one of the culprits that enables cyber criminals to probe various internet services and gain unauthorized access to email, employee networks, social accounts, bank accounts and sensitive corporate information.
Slow reaction time is another. Organizations react slowly to data breaches, with most breaches lasting for months and taking even longer to discover. This slow reaction time has a serious impact on the total cost of breaches.
Ransomware continues to see more global use and financial impact. Ransomware is now considered a commodity that no longer requires significant technical expertise. If you have a computer and an internet connection, you can obtain ransomware and target a victim. Ransomware is easily within the reach of common criminals, so we’ll see an increase in use.
DDoS (Distributed Denial of Service) attacks cause major disruption and are often paired with other hacking techniques that are sometimes used for misdirection—while organizations are busy dealing with keeping their services running the cyber criminals are carrying out a crime elsewhere on the network.
Employee carelessness and errors still cause many incidents, and phishing is particularly common as cyber criminals know that a high percentage of employees will click on a hyperlink or open an interesting attachment, and at that point it’s game over. The good news is that cyber-awareness training is working, and employee clicks have decreased.
Cyber criminals and hackers persist with identity and credential theft. In fact, identity theft has increased by record numbers in recent years and is the primary focus of many cyber criminals. This is because it’s much easier to steal a trusted insider’s credentials and bypass traditional cybersecurity controls than it is to break through the firewall.
WHAT ARE THE CAUSES OF INCIDENTS AND DATA BREACHES?
Top Security Incidents:
- DoS (Denial of Service) Attacks
- Data Loss
- C2 (Command and Control)
- Use of Stolen Credentials
- Backdoors or C2 (Command and Control)
Email is still the top delivery method of cyber attacks and Office Documents are the top file types used to infect systems. Phishing is the most common technique used to gain trust. The human is the top target as so many are likely to click on the links or unknowingly give over their credentials—including their password.
Top Hacking Techniques:
- Email is the #1 delivery method
- Office Document is the #1 file type
- Phishing is the #1 technique
- Human is the #1 target
Privilege Abuse is a problem for organizations who fail to implement privileged access management solutions. As a result, their employees have high-level privileges that are typically unnecessary to perform their jobs. These privileges go unmanaged and unprotected, leaving the organization exposed to unnecessary risk.
CYBER AWARENESS DOES WORK AND WE MUST KEEP EDUCATING EMPLOYEES
A comprehensive cyber awareness training program helps an organization reduce the risk of easily becoming a victim of a cyber attack. The trend in the Verizon DBIR shows that employees are now less likely to click on a malicious email than in previous years and indicates that they are being more cautious about email threats. We need to keep up the momentum and make employees a defensive asset in our cybersecurity strategy, not one of our greatest weaknesses.
Download Thycotic’s award winning Cybersecurity for Dummies book to help in your continuous employee cyber awareness training:
Cybersecurity for Dummies is free and delivers a fast, easy read that describes what everyone needs to know to defend themselves and their organization against cyber attacks. It empowers your employees to understand and recognize the most common cybersecurity threats they face in their daily work and personal lives, and includes topics like:
- Recognizing cybersecurity threats—even the newest ones
- Responding to a cyber attack quickly, effectively and appropriately
- The top 10 actions for protecting yourself from a cyber attack, at work and at home
The 24-page eBook explains in simple terms how cyber criminals target their victims, what employees can do to reduce their risk, and how they can personally make it a lot more difficult for attackers to steal passwords and gain unauthorized access to sensitive information.
WHAT DO CYBER CRIMINALS WANT?
Only when you understand why cyber criminals carry out attacks can you act appropriately to reduce your risks and strengthen your cybersecurity defenses. Typically, they attack for financial reasons, for espionage purposes, to act on a grudge, or for the fun of the challenge.
“PERSONAL INFORMATION IS THE MOST VALUABLE CORPORATE ASSET”
The data being stolen by cyber criminals in data breaches are personal information, payment details, medical info, credentials and internal IP.
EMAIL IS THE PRIMARY DELIVERY METHOD OF MALICIOUS MALWARE
Your organization is most likely to be a victim of ransomware or malicious malware via a simple email. It only takes one employee to click on a malicious link or attachment to give a cyber criminal a foot in the door to a much larger cyber attack.
Phishing emails most often use 3 key methods to gain the victims trust: Fear, Time and Impact. Phishing emails will use those methods when the employee is most distracted by other tasks.
Data is one of the most targeted assets in a company and knowing what data you have and how it is protected is one step in knowing the risks to your business. The top targeted data assets in the Verizon DBIR shows the data that has the most monetary value to cyber criminals.
Top Data Asset Target:
- Internal Data
It’s worth noting that privilege abuse is consistently in the top 3 incidents and breaches.
CONCLUSION AND RECOMMENDATIONS
The Verizon Data Breach Investigations Report is always an eye-opening read and an excellent annual reality check for organizations globally. It keeps us all up to date on the past year’s cybersecurity activities, changes in techniques and the growing trends.
“Understanding hacker techniques and processes is the best way to defend against cyber attacks, and focusing on business risks is the best way to get security budget, according to an ethical hacker” – Joseph Carson
Cybersecurity has become part of everyone’s daily life and can no longer be separated into personal and work life. Once only a concern in the workplace, today cyber attacks are more common and affect everyone connected to the internet.
I predict that cyber attacks will be the biggest threat to every human being and business on earth and will trigger future wars and political instability.
Want to avoid becoming the victim of a data breach? Start with this:
- Educate everyone in your organization on the fundamentals of cybersecurity—no matter their position.
- Use cybersecurity and privileged access management software that’s people-friendly—when it’s easy to use people will use it.
- Implement Multi-Factor Authentication for emails and all sensitive privileged accounts.
- Enable encryption to protect user credentials and privacy.
- Automate the management and security of privileged access using a full-featured PAM solution.
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Joseph Carson. Read the original post at: http://feedproxy.google.com/~r/Thycotic/~3/kxDcq8khSZY/