The annual Data Breach Investigations Report (DBIR) is out and reinforces the value of well-established cybersecurity practices. The good folks at Verizon have once again published one of the most respected annual reports in the security industry.
The report sets itself apart because the authors intentionally avoid unreliable “survey” data and instead strive to describe what is actually happening across the breach landscape. The perception of security typically differs greatly from reality, so this analysis provides some of the most relevant lessons for the field.
Report data is aggregated from real incidents that the company’s professional security services have examined in supporting customers. A large number of security partners also contribute data for this highly respected report. Although this analysis is not comprehensive, it does provide a unique and highly valuable viewpoint, anchored in real incident response data.
Many of the findings support long-standing opinions about the greatest cybersecurity weaknesses and the best practices for addressing them. Which is to say, I found nothing too surprising, and the report reinforces the current direction of good advice.
Key Report Findings
- Human weaknesses
  - 30% of phishing messages were opened by their intended victims.
  - 12% of those targets took the next step and opened the malicious attachment or web link.
- Ransomware rises
  - 39% of crimeware incidents were ransomware.
- Money for data
  - 95% of data breaches were motivated by financial gain.
- Attackers sprint, defenders crawl
  - In 93% of data breaches, the initial compromise took minutes.
  - 83% of victims took more than a week to detect the breach.
- Most of the risk lies in a few vulnerabilities
  - 85% of successful exploit traffic was attributed to the top 10 CVE vulnerabilities. Although this figure is difficult to quantify and validate, the message is clear: top vulnerabilities should be prioritized.
Key Lessons to Apply
- Train users. Users with permissions and trust are still the weakest link. Phishing continues to be a highly effective way for attackers to leverage poorly trained users into giving them access.
- Protect financially valuable data from confidentiality, integrity, and availability attacks. Expect attacks, and be prepared to respond and recover.
- Speed up detection capabilities. Defenders must keep pace with attackers. When preventive controls fail, it is imperative to detect the exploit quickly and maneuver to minimize its overall impact.
- Patch top vulnerabilities in operating systems, applications, and firmware. Patch quickly or suffer. It is a race; treat it as such. Prioritize the work based on severity ranking. Serious vulnerabilities should not languish for months or years!
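The last two lessons, prioritizing patches by severity and not letting serious vulnerabilities languish, are easy to state and hard to operate without a consistent ranking. The following is an added example, not code from the DBIR or from Verizon: it ranks a constructed scanner inventory by a score in which CVSS severity dominates, internet exposure doubles the score, and age slowly raises it, and it flags items that have exceeded an assumed per-band remediation deadline. The CVE identifiers, hosts, dates, and SLA values are all placeholders chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str               # placeholder identifier, not a real CVE
    cvss: float            # CVSS base score, 0.0 to 10.0
    internet_facing: bool  # True if the host is reachable from the internet
    first_seen: date       # date the scanner first reported this finding


# Assumed remediation deadlines per severity band, in days (illustrative, not from the report).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def severity_band(cvss):
    """Map a CVSS base score onto the usual qualitative bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def days_open(finding, today):
    """How long the finding has been known, in whole days."""
    return (today - finding.first_seen).days


def priority_score(finding, today):
    """Severity dominates; exposure doubles the score; age adds a slow ramp (capped at one year)."""
    score = finding.cvss * 10
    if finding.internet_facing:
        score *= 2
    score += min(days_open(finding, today), 365) / 30  # at most ~12 points for a year-old item
    return round(score, 2)


def rank_findings(findings, today):
    """Highest-priority findings first: this is the patch queue."""
    return sorted(findings, key=lambda f: priority_score(f, today), reverse=True)


def overdue(findings, today):
    """Findings that have been open longer than the SLA for their severity band."""
    return [f for f in findings if days_open(f, today) > SLA_DAYS[severity_band(f.cvss)]]


# Constructed sample inventory (placeholder CVE ids and hosts).
TODAY = date(2016, 5, 1)
SAMPLE = [
    Finding("web01", "CVE-0000-0001", 9.8, True, date(2016, 4, 25)),
    Finding("db01", "CVE-0000-0002", 7.5, False, date(2015, 11, 1)),
    Finding("vpn01", "CVE-0000-0003", 7.2, True, date(2016, 4, 1)),
    Finding("fileshare", "CVE-0000-0004", 5.0, False, date(2015, 5, 1)),
    Finding("kiosk", "CVE-0000-0005", 3.1, False, date(2016, 4, 20)),
]

if __name__ == "__main__":
    for f in rank_findings(SAMPLE, TODAY):
        flag = " OVERDUE" if f in overdue(SAMPLE, TODAY) else ""
        print(f"{priority_score(f, TODAY):7.2f}  {severity_band(f.cvss):8}  "
              f"{f.host:10} {f.cve}  open {days_open(f, TODAY)}d{flag}")
```

On the sample data the internet-facing critical on web01 tops the queue even though it is only days old, while the two findings that have sat for months (db01 and fileshare) are the ones reported as overdue. Any real deployment would replace the constructed inventory with scanner export data and tune the SLA table and weights to the organization's own risk appetite.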