The more things change, the more they stay the same.
As long-time contributors of the Verizon Data Breach Investigations Report, we’re especially invested in the insights found in the collective data gathered from thousands of incidents and breaches over the past year.
This year we see many common threats and trends continuing to grow, despite the security industry’s recognition of them over the last few years. These include:
Ransomware isn’t going anywhere anytime soon. In fact, the frequency of attacks doubled in 2016 and again in 2017. According to the 2018 Verizon Data Investigations Report, ransomware was identified in almost 40% of all malware-related incidents.
The Insider threat:
More than 28% of this year’s reported breached in the DBIR were attributed to insiders. Not only do insider attacks continue to grow as a whole, the segmentation of frequency of insider attacks by industry shed some illuminating insights. Healthcare, for example, experienced more incidents from insiders than any other threat actors at 56% insider attributed.
Long time to discover, longer to remediate:
Regular folks, those that haven’t been in the security services field for years, are surprised at how long it can take to discover an attack, the fact that it is usually brought to the organization’s attention by a third party, and that it can take months to years to stop the bleeding. But, security experts are all too aware. The report shows that despite the knowledge of this, and the brands that have crumbled in the wake of breaches over the past few years, this has not changed.
Threat actors are still finding common opportunities to infiltrate organizations. Those responsible for security within their organizations can take advantage of the information found in the report, as well as last year’s media storm of significant breaches, to acquire more resources to their cyber defense. See how in our recent post: “Did the Equifax Breach Just Make the CISO’s Job Easier?”
There’s more alarming news in the report this year focusing on espionage and nation-state threat actors. Our next blog will focus on the organizations most at risk and what they can do to better defend themselves. Get your copy of the 2018 Verizon Data Breach Investigations Report.