Our take on the Verizon Data Breach Investigations Report

Verizon’s Data Breach Investigations Report (DBIR) is one of the most respected security research papers around today. Every year the company shakes the security industry with thought-provoking statistics on breach trends, cybercriminal tactics and the various techniques threat actors are using to target organisations today.

Verizon’s 2018 DBIR, which was published on the 11th of April, was once again full of interesting data which has got the whole security industry talking. Are insiders really behind one in four data breaches? Do 68 percent of breaches really go undiscovered for months? According to Verizon’s latest report the answer to both questions is yes. 

The 2018 report is an extensive 68 pages long, so if you don’t have time to read it in full, here is the CyberProof take on some of the highlights from the latest study.

Ransomware and malware 

The finding from the 2018 report that is attracting the most attention is that ransomware was involved in 39 percent of malware-related breaches in the last year, which is double the figure in the 2017 Verizon DBIR.

So why is ransomware so prolific? Ransomware attacks are relatively easy to build and execute and they can have a very good return for threat actors. Additionally, because most ransomware infections target organisations via email and infected links, they are also coming in via the weakest link in any organisation’s security posture – the human factor. Ransomware has become one of the most talked about and well-used threats around today. In the last year we have seen huge organisations, including the UK’s NHS, impacted by ransomware, which has left them completely out of service.  

The fact that ransomware was involved in 39 percent of malware-related incidents reinforces how big the threat has become and highlights the importance of organisations taking measures to ensure they are adequately protected. Any organisation looking to protect its digital assets from ransomware should communicate the threat clearly to board members and executives, so that there is proper investment in proactive cyber defence rather than waiting for the company to come under attack.

Data breaches

According to Verizon’s analysis, 87 percent of compromises took minutes or less for attackers to gain access. In contrast, only three percent of breaches were discovered within minutes, while 68 percent of breaches went undiscovered for months. The report also found that 58 percent of data breach victims were categorised as small businesses, while 50 percent of breaches were carried out by organised criminal groups.

Again, these findings are not very surprising. When an attacker identifies their next target, they will perform reconnaissance on the organisation to find out where it is weakest. This also allows them to gather all relevant data on its security products, servers and subdomains, and increases the chances of their attack being successful first time round. As we’ve seen throughout the history of cyber-attacks, organisations with lax security policies tend to use default credentials, which result in easy breaches that have a significant impact on the organisation’s reputation, finances and customer confidence.

Insider Threats 

The other findings which caught the attention of the CyberProof team are around malicious outsiders being responsible for 73 percent of breaches and the fact that the healthcare sector is the only industry vertical that has more internal actors behind breaches than external (56 percent internal / 43 percent external). 

These findings certainly do highlight the growing problem of insider threats, as this means that over one in four breaches were actually carried out by insiders. Insider threats are much harder to detect and can be a huge problem for organisations that do not have a way to track their user activity for malicious behaviour.

The huge problem posed by insiders has various causes; however, it could come down to adverse working conditions where employees have intentionally become malicious. Alternatively, it could be that they are doing something they did not realise was wrong.

The best way organisations can overcome the problems posed by insider threats is by carrying out comprehensive monitoring where malicious or careless incidents can be quickly identified. It is also important to have clear policies around acceptable and unacceptable network activity.  

Verizon has once again produced a thought-provoking report, and its data points will likely be referenced by numerous organisations throughout the course of the next year. However, organisations should also look at the report’s data and apply it to their own network. Are they monitoring for malicious insiders? Do they have tools to prevent a catastrophic ransomware attack? It is important that organisations learn from the Verizon DBIR and build a better, more robust security program to help guard against these threats in the future.

Eva Prokofiev

Senior Threat Intelligence Analyst at CyberProof  

Eva is responsible for research and intelligence operations at CyberProof. As a senior analyst, she conducts research on the latest trends in cyber security and creates on-demand reports and analyses focusing on threats directed against our customers worldwide.