7 key points from Verizon’s 2020 Data Breach Investigations Report (DBIR)
Published at: May 22, 2020
Phishing attacks, use of stolen credentials, and human error are among the main actions behind data breaches, according to Verizon's 2020 Data Breach Investigations Report (DBIR).
The report was created based on more than 157,000 security incidents. Of these, 3,950 are confirmed data breaches.
The document is an important data-driven resource that helps to explain and better understand the world of cyber threats, including ransomware, phishing, and social engineering scams.
7 takeaways from Verizon’s data breach report
1. Phishing and social engineering
According to the report, social engineering attacks, including phishing, are linked to about 22% of cases of breaches. In addition, the vast majority of these attacks happen via email (96%).
In cases of breaches involving social engineering and phishing, the report points out which types of data are most compromised:
- Personal data.
- Internal data.
- Medical data.
- Bank data.
“Phishing has been (and still remains) a fruitful method for attackers”, says the report. “The good news is that click rates are as low as they ever have been (3.4%), and reporting rates are rising, albeit slowly”.
The main tactic used in data breaches, according to the Verizon report, involves hacking. In number, hacking was present in 45% of breaches.
By the way, in more than 80% of breaches within hacking, lost or stolen credentials or brute force attacks were used. 37% of breaches were only possible through lost or stolen credentials.
Other methods widely used by cybercriminals are the exploitation of vulnerabilities and the use of backdoors and Command and Control (C2) functionality.
“Criminals are clearly in love with credentials, and why not since they make their jobs much easier?”, states the document.
3. Human error and misuse
Errors (or human failure) are present in 22% of the breaches. On the other hand, 8% of the breaches are related to misuse by authorized users.
“Errors definitely win the award for best supporting action this year. They are now equally as common as Social breaches and more common than malware, and are truly ubiquitous across all industries”, claims the report.
Among the most common mistakes are misconfiguration and misdelivery. That is, the incorrect configuration of systems and products, and the incorrect sending of data and information to the wrong people.
4. Actors involved in leaks and motivation
Verizon points out that 70% of data breaches were committed by external actors, which leaves 30% for internal threats. Yes, the company's own employee can be a danger to the organization.
“External attackers are considerably more common in our data than are internal attackers, and always have been”, states the report.
“There is a distinct rise in internal actors in the dataset these past few years, but that is more likely to be an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors”.
Verizon also says that 86% of the breaches were motivated by financial issues and 55% of them were committed by organized groups of cybercriminals.
5. Ransomware, trojan and other malware
The use of malware in data breaches is present in 17% of cases, in the Verizon report. Of this percentage, 27% involve the use of ransomware.
About ransomware: “It’s a big problem that is getting bigger, and the data indicates a lack of protection from this type of malware in organizations, but that can be stopped”.
The top 5 varieties of malware used in breaches are:
- Password dumper.
- Capture app data.
The report also makes it clear that email remains the main vector used for malware infections. Phishing attacks and the use of malicious links and attachments continue to be associated with those infections.
“Office documents and Windows apps still tend to be the malware filetype of choice”. However, the document points out that other means have also been used a lot, such as the use of shell script, PDF and java.
6. Attack paths in incidents and breaches
The report provides a very interesting analysis on the step by step that attacks usually go through.
“Attackers prefer short paths and rarely attempt long paths. This means anything you can easily throw in their way to increase the number of actions they have to take is likely to significantly decrease their chance of absconding with the data”, says the report.
“Malware is rarely the first action in a breach because it obviously has to come from somewhere. Conversely, Social actions almost never end an attack. In the middle, we can see Hacking and Malware providing the glue that holds the breach together”.
7. Other takeaways
72% of breaches involved large business victims.
28% of breaches involved small business victims.
58% of victims had personal data compromised.
81% of breaches were contained in days or less.
43% of breaches involved web applications.
Verizon’s 2020 Data Breach Investigations Report (DBIR)
If you would like to check out the full report, click here.
About Gatefy’s email security solutions
Gatefy is a cybersecurity company that develops artificial intelligence and machine learning to improve businesses’ email security.
Our solutions are compatible and easily integrated with different types of platforms and email providers, such as Office 365, G Suite, Exchange, and Zimbra.
If you want to get to know Gatefy better, visit our product pages.