2019 Verizon Breach Report – A first look
In our past blogs, we focused on where to seek information and highlights a recently released report
which contains useful and valuable information. We also mentioned about the Horizon Scan Report
(2019) by BCI
Today we will give an overview of the 2019 Verizon Breach Report
Where to start, 2019… another year and another Verizon Data Breach Investigations Report (DBIR). The report is always eagerly
anticipated in the hope we’ll discover we’ve learnt something over the past twelve months and that organisations have finally
started to take data breaches seriously by implementing the necessary safeguards. Sadly, this year is no different. While there
may have been a shift in the types of breaches occurring, POS (card-present) and ATM skimming breaches both decreasing and
attacks on e-Commerce applications increasing, the number is still staggering.
Broadly speaking, there were a few new insights, but no major surprises in this year’s edition. Organisations are still failing
to implement the basic security safeguards and are falling victim to the same attacks. Yet again, the success of a breach was
dependent on the ‘time to compromise’, which is typically a few minutes, as opposed to the breach discovery time which can
extend to months.
To thwart or minimise the effects of a breach, or even the chance of being breached, organisations need to analyse and understand
the data being stored, implement the necessary controls to protect the systems containing the data and/or the data itself and, finally,
implement controls to prevent data from being exfiltrated in the event an intrusion has occurred.
According to the report, nearly 29% of breaches last year used stolen credentials. All successful attacks require privileged credentials
to accomplish their goals and are used for installing malware or key loggers, stealing data or disabling systems.
One factor exacerbating a successful breach using this method is password sharing, which is still prevalent in many organisations. One
stolen shared credential allows an attacker to move throughout the network, searching for information. Compounding this is the fact
that many organisations don’t regularly change their credentials, allowing attackers to remain within an environment for extended periods.
For this reason, stolen credentials are the second most common threat action cited in the DBIR. Unsurprisingly, ‘phishing’, which we’ve all
been familiar with for the past few years, is the top threat action for 2019. These two threat actions are inextricably linked. The 2019 DBIR
highlighted company executives as being particularly susceptible to phishing, revealing that the C-suite are 12 times more likely to be the
victims of a ‘social incident’ than in previous years.
If you want to learn more about URM, register to our>> mailing list or alternatively, you can register
to one of our free seminars below