Arraya Insights | June 11, 2020
Now in its 13th year, the Verizon Business Data Breach Investigations Report has become an annual repository of data points showcasing what’s working (and what isn’t) for cyber criminals and those who oppose them. This time, Verizon’s research team began with a global pool of nearly 160,000 suspected security incidents, distilling them down into the lessons contained within the final version of the hundred-plus page report. The resulting findings challenged popular conceptions and provided insight into who hackers are and what makes them hack.
Granted, we just dove into an extensive security study last month, putting out a post on nine stats from Cisco’s 2020 CISO Benchmark Study that caught our attention. Yet, there’s truth in that old saying about knowledge equaling power, particularly with regard to cyber security. So, feel free to treat this as a companion piece to our earlier post.
Here are seven findings from Verizon’s research you can use to improve your organization’s security posture even further.
- Hackers don’t want to work too hard. You know that scene in horror movies where a would-be victim throws furniture, boxes and anything else available in front of the monster but nothing seems to slow it down? Unlike their big-screen counterparts, cyber villains seem far more easily deterred. Verizon’s team found putting more steps in front of a hacker resulted in fewer incidents and breaches. The total number of each really cratered when hackers were forced to take three, four or more steps. Something like MFA – which we called a “table stakes” solution in our Cisco post – is an excellent way to throw frustrations in front of attackers, sending them off in search of quicker wins.
- Simple mistakes make attractive targets. Hacking, malware, physical intrusions – despite what headlines might suggest, all of these attack vectors have decreased in frequency. The only one increasing? Errors. Exploiting misdelivery, misconfiguration and publishing issues has become one of attackers’ new favorite hobbies. Technology environments remain complex organisms, even as Cisco’s report suggests greater interest in vendor unification. Complexity, coupled with IT’s maxed-out workloads, is sure to contribute to mistakes. Increased reporting of these errors is also a factor. Still, streamlining vendor relationships, embracing automation and even bringing in outside help through a managed services partner are all ways to ease the burden on IT and reduce risky errors.
- Cyber crooks are doing it for the money. Whether you’re studying the art of war or the art of cyber security, knowing your enemy is a best practice. The thing that motivates most cyber criminals, according to the report, is money. Finances were a driver in more than 80% of cyber security breaches and in more than 60% of incidents. Incidentally, Verizon also classifies more than half of malicious activities as stemming from “organized crime” with just shy of 20% backed by nation-states. Verizon’s team is quick to point out that, in this case, organized crime means criminals with processes and not the kind notorious for making offers you can’t refuse. Knowing who is on the other side of the firewall and what they’re after are both critical to keeping them out.
- Email links remain a popular source of malware. How does malware find its way into your organization? Malicious links in emails remain the most popular vector, having a hand in just shy of 40% of breaches. Direct install is the second most likely vector, with download by malware and another email-based method (malicious attachment) following right on its heels. The most likely payload being delivered through these various approaches is a password dumper, which featured in just about 40% of attacks. Behind that were app data capturers, ransomware and malicious downloaders. While ransomware remains a headline darling, it’s important not to lose sight of the array of threats targeting users (and your network).
- Winning the battle (not the war) against phishing. Good news! Progress has absolutely been made in the fight against phishing, although we should leave the cork in the champagne bottle for now. Overall, phishing activities have dropped about 6.6% from last year’s Business Data Breach Investigations Report. There’s also plenty more good news where that came from. Awareness campaigns seem to be paying off as test phishing efforts are being reported at an all-time high. Additionally, phishing click-through rates are at their lowest point, coming in at just 3.4%. Congratulations are certainly in order for a job well done; however, it’s important to be ready for the response from cyber criminals.
- On-prem assets still hackers’ top target. It might be time for those who automatically question the security of the cloud to do some soul-searching. Verizon’s team found that on-premises assets were involved in 70% of data breaches. The cloud laid claim to just 24% of breaches. Digging into that cloud number reminds us of an important truth. Just shy of 80% of those cloud breaches involved breached credentials. So, for cyber crooks, it’s not a question of on-prem or in the cloud. It may simply come down to which one, for whatever reason, happens to look easier to them at that given moment. It’s up to security pros to make those paths as difficult as possible to scare off work-averse attackers.
- Spotting – and containing – threats at a record pace. While we’re on the topic of good news, this edition of the Business Data Breach Investigations Report marks the first time more breaches were discovered in “days or less” than in “months or more.” It’s not just about spotting them, as more than 80% of breaches were contained in “days or less” as well. Verizon does add a couple of addendums, including that, as an annual report, it may not include a full accounting of a year’s attacks. Furthermore, the report does give credit to managed services partners for helping to lower detection and remediation timelines. In our post on the Cisco study, we highlighted six ways organizations could rein in the financial fallout of data breaches, including regular process reviews, usage audits, and solution maintenance. Those unable to devote internal resources to executing these tasks should look outside to prevent breaches from going unnoticed or unaddressed, minimizing the financial costs in the process.
Next Steps: Improve security based on industry-tested strategies
Research projects like Verizon’s 2020 Business Data Breach Investigations Report and Cisco’s 2020 CISO Benchmark Study provide a valuable look at what other cyber security professionals are seeing in the field. Our in-house security team can help you take those insights, vet them based on your unique circumstances and, wherever appropriate, apply them within your own organization. Reach out to Arraya today to schedule an assessment or conversation!
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team.