May 03, 2017

Top 10 takeaways from Verizon's 2017 Data Breach Investigations Report #DBIR

For the past 10 years Verizon has put together an annual cybersecurity report covering the who, what, when, and where, of the year's data breaches. The report monitors attack patterns and advises on how businesses can best be prepared for the current climate.

The 2017 report has just been released and as usual we've had a read and put together the #TLDR top 10 takeaways from the report for you below:

  1. 61% of the data breach victims were businesses with under 1000 employees.

  2. 80% of hacking-related breaches leverage either stolen passwords and/or weak passwords.

  3. 75% of breaches were perpetrated by outsiders.

  4. 62% of breaches featured hacking.

  5. 24% of breaches affected financial organizations.

  6. 95% of the phishing attacks that led to a breach were followed by some sort of software installation. And on that note, 66% of malware was installed via malicious email attachments.

  7. Of the 1 in 14 users who were tricked in to clicking a phishing link or opening an attachment, 25% of those people went on to be duped again! Security awareness is key so on-going training and encouragement of teams to be vigilant and learn how to identify a potential attack, will help.

  8. 88% of breaches still fall into one of the nine patterns Verizon identified back in 2014! Be aware of these nine patterns (web app attacks, cyber-espionage, privilege misuse, miscellaneous errors, Point of Sale, payment card skimmers, physical theft and loss, crimeware, and Denial of Service) and educate your team about them too.

  9. Use two-factor authentication where possible, and encrypt sensitive information.

  10. Don't forget physical security. Not everything is stolen online these days, in fact 60% of cases involved insiders stealing data in the hope of converting it to cash, snooping (17%) or taking the data to a competitor employer or company (15%).

To read the full report you can download it here for free: 2017 Data Breach Investigations Report.


The future of authentication

Today I’m excited to announce a deal that we have been working on for the past few months and how that will impact the future of contextual ...

Introducing custom security rules

For the past few years we’ve been working hard to create a plug and play adaptive risk engine. We designed our core service using a mix of b ...