Top 4 Insights from Verizon Data Breach Report 2017

The Verizon Data Breach Report is one of the most thorough and detailed reports on network security.

We dug into the 76 pages of the 2017 DBIR to find the top insights to help your IT business and clients. Here’s what we found.

Top 3 Attacks in Data Breaches

verizon-dbir-2017-threat-actions — via Verizon DBIR 2017

If your organization has a data breach, it’s likely to happen in one of three ways:

You are hacked
You are infected with malware
You are tricked by social engineering tactics

The Verizon DBIR 2017 calls these activities “threat actions” – or the actions taken by a third party that leads to a data breach.

Hacking, malware, and social engineering have been the top three in the report for several years.

3 Threat Actions Defined

Verizon’s report uses the VERIS system for describing security incidents (VERIS is Vocabulary for Event Recording and Incident Sharing).

Here’s how VERIS defines the top three threat actions that lead to data breach: verizon-dbir-2017-threat-actions-defined

Hacking - Attempts to intentionally access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms. Includes brute force, SQL injection, cryptanalysis, denial of service attacks, etc.
Malware - Malicious software, script, or code run on a device that alters its state or function without the owner’s informed consent. Examples include viruses, worms, spyware, keyloggers, backdoors, etc.
Social – Includes deception, manipulation, intimidation, etc. used to exploit the human element, or users, of information assets. Includes pretexting, phishing, blackmail, threats, scams, etc.

Other Causes of Data Breach

The chart also shows three more threat actions that lead to data breach: error, misuse, and physical.

While less common in general, these threat actions can dominate the data breaches in certain industries.

For example, 80% of healthcare data breaches reviewed in the report resulted from privilege misuse, miscellaneous errors, and physical theft and loss.

Here’s how VERIS defines these others:

Error - Anything done (or left undone) incorrectly or inadvertently. Includes omissions, misconfigurations, programming errors, trips and spills, malfunctions, etc. It does NOT include something done intentionally wrong.
Misuse - Misuse is defined as the use of entrusted organizational resources or privileges for any purpose or manner contrary to that which was intended. Includes administrative abuse, use policy violations, use of non-approved assets, etc.
Physical - Deliberate threats that involve proximity, possession, or force. Includes theft, tampering, snooping, sabotage, local device access, assault, etc.

Hackers Love Your Password

The password continues to be a weak link in an organization’s security chain.

81% of data breaches that involved hacking used either stolen or weak passwords, according to the Verizon Data Breach Report 2017.

verizon-dbir-2017-hacking-breach-passwords

While it’s impossible to know if improved password security could have prevented these breaches, we can safely assume it would have made the attack more difficult in some cases

A few tips from the Verizon DBIR:

Don’t use default or easy-to-guess passwords
Implement multi-factor authentication for remote access to networks used for handing payment cards or other sensitive data.
If an attacker needs only a single set of credentials to bring your organization to its knees, then you are skating on thin ice. Segment networks and establish more granular security zones that require multi-factor authentication.
Realize the risk of password re-usage from other breaches or malware on your users’ devices.
“Reduce the impact of a compromised user device. If a username and password is the only barrier to escalating privilege or compromising the next device, you have not done enough to stop these actors,” according to the report.

Email is a Dirty Channel

Email remains the primary channel through which organizations are infected with malware.

For the malware installations reviewed in the report, 66% were installed with a malicious email attachment, according to the Verizon Breach Report.

Verizon-Data-Breach-Report-2017-malware-email-attachment

Small businesses that want to avoid a data breach must secure the email channel.

A few tips to avoid phishing and malicious emails:

Filter email for spam and malware. Be sure to filter by geography. If you do business only in the U.S., then you have no reason to receive emails from Bangladesh.
Train users to recognize phishing emails. Show examples and simulate attacks to keep their guards up.
Create a reporting system to allow users to highlight malicious emails that pass the filter
Consider a company-wide policy to use a secure file sharing system (think Google Drive or Dropbox) instead of email attachments

Attackers Want Money and Secrets

Nine out of ten data breaches (93%) were motivated by financial gain or espionage (or secret stealing), according to the 2017 DBIR.

However, motivations can vary greatly between industries.

For example, in manufacturing, 94% of data breaches were motivated by espionage. Why?

“A great way to make something cheaper is to let someone else pay for all of the R&D and then simply steal their intellectual property,” according to the report.

Financial motives dominate the data breaches in other industries, according to the DBIR: