By Brad Taylor | CEO | Proficio
The 2019 Data Breach Investigations Report was released in December and highlights the many aspects of data breaches and frequency of their occurrence. In review, we find this gives us a great opportunity to reflect on what security teams should focus on in 2020.
According the report, about 1/3 of attacks originate from insiders and 2/3 are from outsiders. Over half of the attacks from outsiders were from groups with criminal motivations who were trying to steal intellectual property or access someone’s personal information to sell or hold for ransom. Unsurprisingly, C-Level Executives were 12 times more likely the target of an attack.
There was a notable increase in targeting cloud-based email like Office365, which is something many organizations use. Over a fourth of attacks involved malware – 24% were ransomware – which infects endpoints that are vulnerable and accessible to the malware. Errors were the root cause of 1/5 breaches and 71% were financially motivated.
Companies of all sizes including large and small are getting breached, with over 40% of breaches involving small businesses. Some of the most popular industries to target remain the same: Public Sector, Healthcare, and Financial.
Mobile users are even more susceptible to being attacked often by email-based spear phishing or social media attacks.
The most popular methods used by hackers are often Command and Control or Brute Force Attacks. However, exploiting known vulnerabilities or using stolen credentials or social attacks on senior-level executives are also frequently used to gain access.
More than half the time, breaches took months or longer to discover, reminding us that many organizations still lack visibility into actual breaches themselves. The top threat vector is web applications, but remote desktop and TeamViewer applications are seen as easy targets. Hackers are also still gaining access to through VPN.
While cybercriminals are looking for a quick victory, they often go through multiple steps before breaching data. This number is decreasing though, and the time from an attacker’s first action in an event chain to the initial compromise is typically measured in minutes.
Manage and Understand Risk
It is often said that it is no longer a question of if an organization will experience a data breach, but when. The report underscores this theory, and reminds us that people, platforms, and applications are still vulnerable to attacks; there is no room for complacency.
Given this reality, we recommend IT leaders strive to understand the cyber risk facing their organizations. Proficio provides our clients with cyber business intelligence and comparative risk data that allows them to see trends in attack volume and type, as well as gaps in their security controls and compare this to peers in their industry. Having this information is a critical step toward funding a strategic response to cyber risk and a first step towards a comprehensive cybersecurity plan.
Contact us to find out how Proficio can help with your security initiatives.