Use Verizon's 2019 Data Breach Investigations Report to Adapt Your Cyber Defenses

By Jose Varghese

May 13, 2019

How can you avoid getting breached? Simply analyze companies that have suffered a recent incident, learn what attacks caused these recent successful breaches, and proactively raise your defenses against them.

A good starting point is Verizon's 2019 Data Breach Investigations Report (DBIR). The report analyses over 41,000 recent security incidents, spread across 86 countries, that resulted in 2,000 data breaches. Verizon compiled the data from its own internal resources and from independent data sets provided by 66 global security service providers, including incidents and breaches analysed by Paladion.

The way we see it, we all share this one fight against global cybercriminals, and we can only win this fight by sharing our experiences and creating a clear picture of what we’re up against.

Verizon’s 2019 DBIR: Key Findings

Reviewing the DBIR’s data, we uncovered three big themes that drive today’s cybercrime.

Theme One: No One is Safe

Every vertical is being attacked and faces its own unique threats. Education is being attacked by financially motivated criminals. Healthcare is beset by insider threats. Manufacturing has become a massive target for cyberespionage.

Organizations of every size are also being targeted. Enterprises are no longer the prime target: nearly half (43%) of reported breaches occurred within small companies. And while senior executives are increasingly targeted via social engineering, individuals at every role level are causing breaches, whether acting as deliberate insider threats or simply by falling for phishing and credential theft.

Theme Two: Threats Evolve Fast and Come from Every Angle

There is no single, dominant form of attack driving today's threat landscape. Approximately one-third (32%) of breaches were caused by phishing, and approximately another third (29%) were caused by stolen credentials. Ransomware is still a huge threat (accounting for 24% of malware incidents), but many of last year's emerging attacks, such as crypto-mining and payment card POS attacks, have declined and now represent only a small share (under 5%) of attack strategies.

There is also no single attacker profile or motivation anymore. While the majority of cybercriminals (71%) are driven by financial aims, many attackers are now motivated by espionage or by political goals. Though hacktivist threats have subsided, a large minority of breaches (23%) are now caused by nation states.

Theme Three: Organizations Struggle with their Digital Infrastructure

The DBIR found that one-fifth (21%) of breaches were caused by simple human error. Over half (56%) of breaches went undetected for months because of ineffective (or completely non-existent) monitoring of vast digital networks. And over 60 million records were breached because their organizations simply failed to properly configure their cloud storage buckets.

Cybercriminals are taking notice, and increasingly target these vulnerable platforms through very simple means. Compromises of cloud-based email accounts rose 98% year-over-year, and simple stolen credentials accounted for 60% of web application hacks.

How to Protect Yourself in 2019 and Beyond

Verizon’s findings mirror our own experience of the cybersecurity landscape. Organizations are adopting digital infrastructure faster than they can adapt their internal security controls. They are beset by a complex and shifting web of attacks and attackers.

The picture the DBIR paints is frightening, but the solution is clear:

1. Use Detection and Response Solutions

Whether you are an enterprise with a complex network of preventive security controls or a small business with a modest security framework, you need to invest in detection and response solutions. A persistent attacker can and will navigate your preventive controls, but a detection-and-response-driven solution hunts for threats before an incident becomes a breach.

2. Cover your bases with Artificial Intelligence

Human-only security operations are doomed to fail even if you have a large threat hunting team, because we know that attackers' TTPs are constantly evolving. Artificial Intelligence can help you break the attacker-defender asymmetry by applying predictive algorithms to endpoint analytics, network threat analytics, application threat analytics, and user behavior analytics. So, look for an AI-driven Managed Detection and Response (MDR) service.

3. Don’t leave your cloud security to your CSP

Data in your cloud is not protected by your cloud service provider (CSP); really, it is not! There are a host of security responsibilities that cloud users need to manage themselves. So, when choosing a managed security service vendor, look for the capability to protect your multi-cloud deployments along with your on-premise installations. If you are managing your cloud security in-house, augment it with Managed Detection and Response (MDR) capabilities from a security vendor that can deploy MDR on the cloud.

That's all for now, folks. Are you still piecing together takeaways for your organization from the DBIR? Speak to one of our security experts.
