Top 4 Insights from Verizon Data Breach Report 2017
The Verizon Data Breach Report is one of the most thorough and detailed reports on network security.
We dug into the 76 pages of the 2017 DBIR to find the top insights to help your IT business and clients. Here’s what we found.
Top 3 Attacks in Data Breaches
If your organization has a data breach, it’s likely to happen in one of three ways:
You are hacked
You are infected with malware
You are tricked by social engineering tactics
The Verizon DBIR 2017 calls these activities “threat actions” – or the actions taken by a third party that leads to a data breach.
Hacking, malware, and social engineering have been the top three in the report for several years.
3 Threat Actions Defined
Verizon’s report uses the VERIS system for describing security incidents (VERIS is Vocabulary for Event Recording and Incident Sharing).
Here’s how VERIS defines the top three threat actions that lead to data breach:
Hacking - Attempts to intentionally access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms. Includes brute force, SQL injection, cryptanalysis, denial of service attacks, etc.
Malware - Malicious software, script, or code run on a device that alters its state or function without the owner’s informed consent. Examples include viruses, worms, spyware, keyloggers, backdoors, etc.
Social – Includes deception, manipulation, intimidation, etc. used to exploit the human element, or users, of information assets. Includes pretexting, phishing, blackmail, threats, scams, etc.
Other Causes of Data Breach
The chart also shows three more threat actions that lead to data breach: error, misuse, and physical.
While less common in general, these threat actions can dominate the data breaches in certain industries.
For example, 80% of healthcare data breaches reviewed in the report resulted from privilege misuse, miscellaneous errors, and physical theft and loss.
Here’s how VERIS defines these others:
Error - Anything done (or left undone) incorrectly or inadvertently. Includes omissions, misconfigurations, programming errors, trips and spills, malfunctions, etc. It does NOT include something done intentionally wrong.
Misuse - Misuse is defined as the use of entrusted organizational resources or privileges for any purpose or manner contrary to that which was intended. Includes administrative abuse, use policy violations, use of non-approved assets, etc.
Physical - Deliberate threats that involve proximity, possession, or force. Includes theft, tampering, snooping, sabotage, local device access, assault, etc.
Hackers Love Your Password
The password continues to be a weak link in an organization’s security chain.
81% of data breaches that involved hacking used either stolen or weak passwords, according to the Verizon Data Breach Report 2017.
While it’s impossible to know if improved password security could have prevented these breaches, we can safely assume it would have made the attack more difficult in some cases
A few tips from the Verizon DBIR:
Don’t use default or easy-to-guess passwords
Implement multi-factor authentication for remote access to networks used for handing payment cards or other sensitive data.
If an attacker needs only a single set of credentials to bring your organization to its knees, then you are skating on thin ice. Segment networks and establish more granular security zones that require multi-factor authentication.
Realize the risk of password re-usage from other breaches or malware on your users’ devices.
“Reduce the impact of a compromised user device. If a username and password is the only barrier to escalating privilege or compromising the next device, you have not done enough to stop these actors,” according to the report.
Email is a Dirty Channel
Email remains the primary channel through which organizations are infected with malware.
For the malware installations reviewed in the report, 66% were installed with a malicious email attachment, according to the Verizon Breach Report.
Small businesses that want to avoid a data breach must secure the email channel.
Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology. Our customers do not waste time with security products designed for large enterprises. Instead, we make it easy for SMBs to protect and manage networks of up to 350 users.