Every year, Verizon leads a large community of contributors in analyzing known breaches to extract insights that defenders can act on.
This makes the yearly Data Breach Investigations Report a must-read for any planner.
Get the full report here.
Some key take-aways:
Within the 53,000+ incidents and 2,200-odd breaches you’ll find real takeaways on what not to do, or at the very least, what to watch for.
At first glance, identifying 53K+ incidents in only 12 months suggests an information security dystopia, an uneven playing field where the bad guys consistently win out. And, the 2018 Data Breach Investigations Report (DBIR) is full of nefarious events by offenders both known and unknown.
However, that same catalog of unscrupulous activities offers security pros a first-hand view into current cybercrime trends, and a map towards developing a prosperous and mature security program.
76% of breaches were financially motivated.
4% of people will click on any given phishing campaign.
Ransomware is the top variety of malicious software, found in 39% of cases where malware was identified.
The nature of breaches depends on which sectors are involved. For example, in the hotel industry, 90% involve point of sale devices. In education, there is a high number of insider attacks (about 20%). And social engineering is a key vector. In the financial sector, about 20% are also insider-enabled. In healthcare, about 56% are inside attacks.
In other bad stats, breach timelines remain at levels as horrible as in the past: 68% of breaches took months or longer to discover.
The DBIR underscores the type of security advice many of us have been giving for years:
- Don’t wait to find out about a breach from law enforcement or a customer. Log files and change management systems can give you early warning of a security compromise.
Make people your first line of defense
- Do your employees understand how important cybersecurity is to your brand, and your bottom line? Get them on board, and teach them how to spot the signs of an attack and how to react.
Only keep data on a need-to-know basis
- Do you know who can see your sensitive data and systems? Limit access to the people who need it to do their jobs, and have processes in place to revoke it when they change roles.
- Cybercriminals are still successfully exploiting known vulnerabilities. You can guard against many threats simply by keeping your anti-virus software up to date.
Encrypt sensitive data
- Do what you may, one day you’re likely to be the victim of a breach. But by encrypting your data you can render it useless if it is stolen.
Use two-factor authentication
- Phishing campaigns are still hugely effective. And employees make mistakes. Two-factor authentication can limit the damage that can be done if credentials are lost or stolen.
Don’t forget physical security
- Not all data theft happens online. Surveillance cameras and entry systems for restricted areas, for example, can help avoid criminals tampering with systems or stealing sensitive material.