The industry's most anticipated and most comprehensive report covering data breaches has been released in its 2019 edition. This year the report is nearly 80 pages long and includes contributions from 73 organizations. It is built upon the analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches.
Brilliance Security Magazine spoke with Alex Pinto, Head of Verizon Security Research (DBIR), to get his take on this year’s report. He told us that he has seen many important shifts on the target plane this year. One of those was the increased targeting of C-level executives, and another is the shift toward compromising cloud-based email.
Major findings of the 2019 report include:
- New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
- Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
- Chip and PIN payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
- Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
- Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
- Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.
Reactions from industry experts:
Satya Gupta, CTO and Co-founder, Virsec
The latest Verizon DBIR highlights that cyberattacks are becoming much more targeted and dangerous. They noted a huge increase in C-level executives being individually targeted. The same trend is happening with specific network tools and industrial equipment. Attackers are prolific at scanning networks and finding specific types of vulnerable equipment, then targeting them with specific malware designed for these devices.
The vast majority of security tools focus on user endpoints – laptops, desktops, mobile. But 80-90% of current incidents involve corporate servers, whether on-premises or in the cloud. Analysts like Gartner are stressing that user endpoint security tools are not effective at protecting servers or cloud workloads – in fact, they are dangerous because they provide a false sense of security. Server-side security requires much more attention.
There continues to be a temporal disconnect between the time frame for attacks versus response. The report points out that attack chains act “within minutes” while “the time to discovery is more likely to be months.” This gap must be tightened and security tools need to focus on real-time attack detection if we are to have any chance to curtail these breaches.
Adam Laub, SVP Product Management, STEALTHbits Technologies
As usual, the 2019 Verizon Data Breach Investigations Report did not disappoint in terms of providing an interesting and captivating analysis of the past year’s data breach happenings. While there didn’t appear to be any particularly shocking findings with regards to attack TTPs, motives, industry statistics, or attack timelines, the 2019 DBIR again delivered the message – perhaps indirectly – that the absence of foundation-level and layered security controls, internal security discipline, and general security awareness are the common denominators in the data breach dilemma.
If one theme in particular stood out, it was the prevalence of Credential Theft as a consistent factor in the data breach equation. This is of course no surprise, just as it is no revelation that the ultimate target for any attacker is successfully compromising and exfiltrating data the credentials supply access to. For organizations looking for the most pragmatic steps they can take to mitigate their risk, Figure 27 on page 18 may be the best starting point. Locating, securing, and reducing the data types attackers are looking for results in a significant shift in the balance of power between defenders and attackers, as it effectively removes the result from the aforementioned equation – monetizable data. Given “71% of breaches were financially motivated”, the removal of the quantity of monetizable assets available in any breach scenario reduces the attacker’s money-making opportunity, and perceptibly reduces the potential impact of any network compromise, regardless of the “threat action” or “variety” employed.
Michael Magrath, Director, Global Regulations & Standards, OneSpan
As noted in the report, the use of stolen credentials on banking applications remains common. The authors, like most security experts, recommend multifactor authentication to combat this vector of attack. Until strong customer authentication is mandated through regulation, hackers will continue to steal login credentials. However, with secure, frictionless authentication solutions becoming commonplace, the use of stolen credentials is expected to significantly drop in future reports.
The two most significant trends that stick out to me are the increased targeting of c-level executives and the need for standardization and visibility within organizations. The drastic increase in social attacks on c-level personnel points to the increased demand for cybersecurity awareness in the c-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the c-suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack.
As enterprises continue to digitize – embracing such technologies as cloud, internet of things, and web-based data collection – the need for a consistent standard across the entire enterprise becomes all the more critical. Implementing reactionary security practices is no longer sufficient, and information security leaders must employ standards such as the NIST Cybersecurity Framework to ensure that their strategy can scale with the organization. Further, infosec leaders must also apply solutions that increase visibility across the organization. A fragmented or modular approach to cyber leaves gaps and increases the risk of an incident or breach. Using an integrated approach to security, built on a strong foundation, and delivering on clear applicable reporting to the c-suite, will allow organizations to continue embracing new technologies while reducing the risk of events.
Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine