When securing your company’s network and data, what types of data breaches should your IT and security staff guard against? According to the 2020 Verizon Data Breach Investigations Report (DBIR), there are the five main causes of data breaches today:
This is the leading cause of data breaches today.45% of enterprise breaches involved some sort of hacking. Of these breaches, 80% involved brute force or the use of lost or stolen credentials – which are often associated with a company’s use of web applications.
2. Social Engineering
Almost a quarter – 22% — of breaches involve some form of social engineering. This is typically accomplished via the use of phishing to trick recipients into revealing their network credentials, or more personalized spear-phishing to fool recipients into initiating money transfers.
According to the DBIR, phishing attempts originated via email 96% of the time. Approximately two-thirds of social engineering attacks involved obtaining login credentials – close to half also scammed the victim out of their personal information.
These have become more common within the past year, now accounting for as many breaches as social engineering – 22% of all incidents. Errors come in all types and sizes, including misconfiguration errors associated with data stored on web servers and publishing errors resulting from accidentally making private documents available on a public server.
This used to be a bigger issue than it is today. Despite the steady popularity of financially-motivated ransomware attacks, especially in the public sector, malware has consistently declined as a cause of data breaches. It now accounts for just 17% of all incidents. This decrease is a result of hackers seeking faster and easier ways to breach a system, such as credentials theft via hacking or social engineering. Installing and managing malware is much harder work for a similar payoff.
5. Misuse by Authorized Users
This is the least prevalent cause of data breaches, accounting for just 8%. They involved some sort of misuse by authorized users – human error, in other words. People will always make mistakes, even when those mistakes result in data breaches.
Who is Responsible for Most Breaches?
According to the DBIR, external actors are behind 70% of data breaches today. Of these breaches, more than half are conducted by organized crime groups interested solely in profit. Other external actors include state-affiliated groups (more interested in espionage) and various non-affiliated groups and individuals.
The remaining 30% of data breaches involve internal actors, typically end-users or system administrators. Some of these internal breaches are criminal in nature, but most are simply mistakes by well-intentioned but careless employees.
Who Do Hackers Target?
While any organization is a potential target for malicious actors, the reality is that the most aggressive and dangerous attackers target larger companies. The Verizon report notes that 72% of breach victims were large businesses with 1,000 or more employees. Hackers are, therefore, targeting big companies, not little guys.
Thanks to the increasing adoption of web-based technologies by larger companies, most corporate assets are now stored on servers connected to and accessible via the Internet. Cybercriminals view this type of server as an easy target, using either brute-force hacking or social engineering.
If you are a big company with data stored on web servers, research says you’re likely to be a target of hackers.
Why Do Hackers Attack?
What motivates today’s breed of hackers? The answer is simple: money.
According to the DBIR, 86% of breaches are financially motivated. Rather than playing a long game with malware and Trojans, malicious actors today try to get as much money as they can as fast as they can. This may involve using social engineering to trick senior executives to transfer large funds to bogus accounts, impersonating executives to trick subordinates into transferring funds, or employing ransomware to lock companies out of their systems until a ransom is paid.
This immediate financial incentive is another reason hackers target larger enterprises – they know that bigger businesses can make bigger payouts. Today’s financially motivated hackers want the largest possible reward for their malicious efforts.
How Concerned Should You Be About Data Breaches?
Many companies have an image of the typical computer hacker as a young kid in a dark hooded sweatshirt, like the ones you see in Hollywood movies and TV shows. If you buy into that image, you might not take data security as seriously as you need to. The reality is that today’s cybercriminals are members of well-trained, well-equipped, and well-organized cyber gangs out for financial gain.
You need to take data breaches as seriously as the hackers do and prepare for them with all available resources. That means using the Verizon DBIR data to identify the most likely threats and guarding against them in all aspects of your organization – from IT to communications.