Key Lessons From Verizon’s ‘2016 Data Breach Investigations Report’

May 12, 2016


The annual Data Breach Investigations Report (DBIR) is out and reinforces the value of well-established cybersecurity practices. The good folks at Verizon have once again published one of the most respected annual reports in the security industry.

The report sets itself apart with the authors intentionally avoiding unreliable “survey” data and instead striving to communicate what is actually happening across the cybersecurity breach landscape. The perception of security typically differs greatly from reality, so this analysis provides some of the most relevant lessons for the field.

Report data is aggregated from real incidents that the company’s professional security services have examined in supporting customers. A large number of security partners also contribute data for this highly respected report. Although this analysis is not comprehensive, it does provide a unique and highly valuable viewpoint, anchored in real incident response data.

Many of the findings support long-standing opinions on the greatest cybersecurity weaknesses and best practices. Which is to say, I found nothing too surprising, and the report reinforces the current directions for good advice.

Key Report Findings

  • Human weaknesses
    30% of phishing messages were opened by their intended victims.
    12% of those targets took the next step to open the malicious attachment or web link.
  • Ransomware rises
    39% of crimeware incidents were ransomware.
  • Money for data
    95% of data breaches were motivated by financial gain.
  • Attackers sprint, defenders crawl
    In 93% of data breaches, the compromise took only minutes.
    83% of victims took more than a week to detect breaches.
  • Most of the risk lies in a few vulnerabilities
    85% of successful exploit traffic was attributed to the top 10 CVE vulnerabilities. Although difficult to quantify and validate, top vulnerabilities should be prioritized.

Key Lessons to Apply

  • Train users. Users with permissions and trust are still the weakest link. Phishing remains a highly effective way for attackers to get poorly trained users to give them access.
  • Protect financially valuable data from confidentiality, integrity, and availability attacks. Expect attacks, and be prepared to respond and recover.
  • Speed up detection capabilities. Defenders must keep pace with attackers. When preventive controls fail, it is imperative to quickly detect the exploit and maneuver to minimize its overall impact.
  • Patch top vulnerabilities in operating systems, applications, and firmware. Patch quickly or suffer. It is a race; treat it as such. Prioritize the work based upon severity ranking. Serious vulnerabilities should not languish for months or years!

This is just a quick review. The report contains much more information and insights. I recommend reading the Executive Summary or the full Report.

 

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

About the Author

McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.
