Each year, Verizon provides a Data Breach Investigation Report (DBIR) which looks at the trends from the past year’s data breaches. Verizon builds this report using 73 data sources, with a combined total of 41,686 security incidents. By looking at the trends, we can see what’s happening in the information security landscape and try to better align our resources to combat the threats we are most likely to see. In this blog, we will look at some of the key takeaways from the 2019 Data Breach Investigation report and provide some quick tips to protect your organization.
Takeaway 1: Small Businesses are Being Targeted
The 2019 Data Breach Investigation Report states that 43% of the breaches from the past year involved small businesses. That is a staggering number. The reason behind this may be simple: larger organizations have more resources to put towards information security and likely have a more mature information security program. This equates to advantages, such as the fact that the perimeters of larger organizations may be more locked down or they may have a longer running security awareness training program.
If you are a small business, this means you need to put your guard up. According to the National Cyber Security Alliance, 60% of small and mid-size businesses that are hacked go out of business within 6 months, meaning your security can be a matter of life and death for your company. To get started, consider having a penetration test performed to identify your areas of weakness and help quantify the most significant risks for your organization.
If you are a large organization, this stat is still really important for you. Who are the vendors you are using and what access levels do they have on your network? In recent years, we have seen an uptick in supply-chain attacks, where an attacker will target a small business that you have a relationship with in order to leverage the small business’ weaknesses and ultimately target your organization.
Takeaway 2: Consider the Insider Threat for Data Breaches
At 69% of the attacks, outsiders remain the primary threat for most organizations. But 34% of all attacks involved internal actors. You will notice some overlap there, as those two percentages add up to more than 100 because some data breaches involved both external and internal actors. Simply put, as much as you trust your employees, 34% is too large of a number to ignore and say “it will never happen to me.”
When considering the risk of an insider threat, the first thing to think about is whether you have an insider threat program. Do employees have an anonymous way to report suspicious activities? Additionally, you should consider an internal penetration test. An internal penetration test really kills two birds with one stone. First, it will help you answer the questions: What is the impact of a malicious insider? What damage can an employee who finds out they are being fired cause? Second, if an attacker gains a foothold on the internal network either through social engineering, password reuse, or a vulnerability on your perimeter, what damage can they cause?
Takeaway 3: Social Engineering
Social engineering was involved in 33% of the reported data breaches. Further, email was used to deliver 94% of the malware that hit organizations. Far too often, organizations are focusing their resources on securing the perimeter, but fail to consider the weakest link: their employees.
Preventing or slowing social engineering attacks requires a multi-faceted approach. First, ensure you have a good security awareness program in place that prepares for the attack vectors your employees are most likely to encounter. Second, ensure you have the ability to detect and quickly react to any social engineering attack you’re hit with. Finally, ensure you have protections in place like antivirus, email filters, and multi-factor authentication on your external login portals to help reduce the impact of a successful phishing attack.
After reviewing the 2019 Data Breach Investigation Report, we focused on 3 key takeaways for you to consider. This report is packed with great information and we encourage you to give it a look. Let us know if you have any questions or want to talk through any of the attack vectors and threats laid out in it.