May 03, 2017

Top 10 takeaways from Verizon's 2017 Data Breach Investigations Report #DBIR

For the past 10 years Verizon has put together an annual cybersecurity report covering the who, what, when, and where, of the year's data breaches. The report monitors attack patterns and advises on how businesses can best be prepared for the current climate.

The 2017 report has just been released and as usual we've had a read and put together the #TLDR top 10 takeaways from the report for you below:

  1. 61% of the data breach victims were businesses with under 1000 employees.

  2. 80% of hacking-related breaches leverage either stolen passwords and/or weak passwords.

  3. 75% of breaches were perpetrated by outsiders.

  4. 62% of breaches featured hacking.

  5. 24% of breaches affected financial organizations.

  6. 95% of the phishing attacks that led to a breach were followed by some sort of software installation. And on that note, 66% of malware was installed via malicious email attachments.

  7. Of the 1 in 14 users who were tricked in to clicking a phishing link or opening an attachment, 25% of those people went on to be duped again! Security awareness is key so on-going training and encouragement of teams to be vigilant and learn how to identify a potential attack, will help.

  8. 88% of breaches still fall into one of the nine patterns Verizon identified back in 2014! Be aware of these nine patterns (web app attacks, cyber-espionage, privilege misuse, miscellaneous errors, Point of Sale, payment card skimmers, physical theft and loss, crimeware, and Denial of Service) and educate your team about them too.

  9. Use two-factor authentication where possible, and encrypt sensitive information.

  10. Don't forget physical security. Not everything is stolen online these days, in fact 60% of cases involved insiders stealing data in the hope of converting it to cash, snooping (17%) or taking the data to a competitor employer or company (15%).

To read the full report you can download it here for free: 2017 Data Breach Investigations Report.

YOU MAY ALSO BE INTERESTED IN

Introducing custom security rules

For the past few years we’ve been working hard to create a plug and play adaptive risk engine. We designed our core service using a mix of b ...

Cloudbleed - ThisData's Response

Late last week Cloudflare announced that a pretty serious bug had been found in the way they handled their traffic. The bug allowed private ...