In the recently released 2019 Verizon Data Breach Investigations Report (DBIR), Verizon found that 43% of breaches affect small businesses and that a third (32%) of breaches involved phishing, a form of social engineering.
Verizon built this report upon the analysis of 41,686 security incidents and 2,013 confirmed data breaches, the Verizon DBIR digs into the overall threat landscape, the actors, actions, and assets that are present in breaches.
The 2019 Verizon Data Breach Investigations Report (DBIR) Key Takeaways (please see here) highlights 12 key takeaways including:
- Financial gain remains the most common motivate behind data breaches (71%)
- 43% of breaches affect small businesses
- A third (32%) of breaches involved phishing
- The nation-state threat is increasing, with 23% of breaches by nation-state actors
- More than half (56%) of data breaches took months or longer to discover
- Ransomware remains a major threat and is the second most common type of malware reported
- Criminals increasingly target Business Executives with social engineering attacks.
- Crypto-mining malware accounts for less than 5% of data breaches, despite the publicity it didn’t make the top ten malware listed in the report
- Espionage is a key motivation behind a quarter of data breaches
- 60 million records breached due to misconfigured cloud service buckets
- Continued reduction in payment card point of sale breaches
- The hacktivist threat remains low, the increase in the DBIR 2012 report appears to be a one-off spike
An interesting takeaway:
Cyber attackers target the network, where executives are “six times more likely to be a target of social engineering than they were only a year ago; and, C-level executives are 12 times more likely to be the target.”
This means that Business Email Compromises (BEC) are proving successful for ID theft criminals and cyber thieves.
Verizon stated that BEC breaches represented 248 (18%) confirmed breaches out of the 2,013 confirmed data breaches. In addition, Risk-Based Security recently announced the release of its Q1 2019 Data Breach QuickView Report highlighting how over 1,900 data breach events — exposing over 1.9 billion records — were reported in the first three months on 2019.
According to Risk Based Security, “no other first quarter has seen this level of activity, putting 2019 on pace to be yet another ‘worst year on record’ for the number of publicly reported breaches.”
The report found “that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the Internet.”
If you are a small business, considering Identity Theft Protection as an Employee Benefit or a breach readiness and response program is worth considering!