The Verizon enterprise has recently issued its 2020 Data Breach Investigations Report (DBIR). The report analyzes security compromises between November 1, 2018 and October 31, 2019. It investigates cyber attack tactics, parties responsible, commonalities, motivations and popular victims, as well as helps to recommend cybersecurity measures that organizations should be adopting. Here are several key conclusions drawn from the report.
Cyber Attack Tactics
The most common breach strategy used was hacking. About 45% of the attacks were carried out by identifying weaknesses in organizational systems security and exploiting them. In comparison, there was an increase in user error comprising 22% of the breaches. It has become critical to create a multifaceted security authorization system. But furthermore, individual users need to become better educated on how to better protect themselves against malware.
Who is Responsible?
Only 30% of the breaches involved internal actors, the rest of the breaches were attributed to external parties. Of these external attacks, 55% of the culprits belonged to organized criminal groups. This again highlights the need to protect company data from breaches by administering protection against hacking, not just insider espionage.
Unsurprisingly, the majority (86%) of the cyber attack motivation was financially driven. The report analyzed if this meant that the majority of the attacks targeted large corporations instead of small size companies.
Research found that companies with fewer than 1,000 employees had only 407 incidents, with 221 successful data breaches. In contrast, large companies with more than 1,000 employees had 8,666 incidents, of which 578 were successful. Although the frequency of the cyber attacks was less against small companies, the success rate of data breaches was much higher than large companies (over 50% versus 6-7%).
Role of the Cloud
The common denominator was the increase in the trend of using web applications, like cloud services, for data storage. Verizon stated in the report that their findings indicated about 24% of the breaches involved data stored in the cloud.
As more information migrates to the cloud due to the remote working conditions forced by the COVID-19 pandemic, enterprises have to become more aware of their system security structures in place. It is a good idea to re-evaluate your organization's cloud asset securities. It will also be beneficial for companies to employ an external audit of their systems to further secure their data.