Recently, Verizon released the 2019 Data Breach Investigations Report (DBIR), a study that aims to raise awareness on the changing data security threat landscape and provide actionable advice based on the results. The report's main focus is on classifying international threats based on types of threat actions and threat actors that are common in data breaches.
The most vulnerable sector
The results revealed that small businesses (43%) were most likely to be successfully breached, as opposed to the financial industry (16%), which was the least likely to be breached. This is because while the data of unsuspecting individuals passes through small businesses on a regular basis, owners typically allocate a small budget, if any, to cybersecurity. In contrast, businesses in the financial sector such as banks, insurance and investment companies contain the data of millions of clients and are well aware of the consequences that come with data breaches. Accordingly, they take the necessary measures to protect sensitive data.
One of the most common breach tactics
Significantly, the second most used breach tactic after hacking was social attacks including phishing, spoofing and social media attacks. Social attacks are quite common because it is difficult for users to verify emails or fake links via their mobile devices, the most common devices used for social purposes. Information is often limited or restricted automatically because of small screen sizes. This makes it difficult for people to determine the source of an email or the credibility of a web page. Conversely, it is much easier for users to open, accept and reply to messages on mobile devices. To make matters worse, people often multitask when using their phones. Whether they are speaking to someone, eating, or crossing the road, they often do not think twice about how they navigate their devices, making social breaches all the more possible.
An unexpected threat actor
The fact that the report covers international data breaches means that state-affiliated actors were also analyzed. Accordingly, Verizon reports that 96 percent of threat actors were attributed to state-affiliated groups or nation-states. While criminal groups and internal actors are the typical and expected threat actors, state-affiliated breaches are a new unexpected addition. While annual reports show a constant fluctuation in the role such actors play in breaches, they are on the rise in today's political climate and are often leveraged by governments or politicians to gain a political advantage.
A shocking discovery
While different threats typically have different discovery times, over 50 percent of breaches took months, sometimes even years, to be discovered. Moreover, 100 percent of point-of-sale malware was discovered externally. This stresses the importance of not only focusing on preventative measures but also on detection and reaction time.