The industries most anticipated and most comprehensive report covering data breaches has been released in its 2019 edition. This year the report is nearly 80 pages and includes contributions from 73 contributing organization. This report is built upon the analysis of 41,686 security incidents, of which 2,013 were confirmed data breaches.
Brilliance Security Magazine spoke with Alex Pinto, Head of Verizon Security Research (DBIR) to get his take on this year’s report. He told us that he has seen many important shifts on the target plane this year. One of those was increased targeting of C-level executives and other is the shift to compromise cloud-based email.
Major findings of the 2019 report include:
- New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
- Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
- Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
- Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
- Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
- Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.
Reactions from industry experts:
Satya Gupta, CTO and Co-founder, Virsec
Adam Laub, SVP Product Management, STEALTHbits Technologies