#WeekendWisdom 029 Data Breach Investigations Report 2020

Liam — Fri, 22 May 2020 08:40:20 +0000

Welcome to #WeekendWisdom number 29. This week we’re going to talk about data breach investigations report 2020 from Verizon.

https://www.l2cybersecurity.com/wp-content/uploads/2020/05/WeekendWisdom-029-lo.mp4

What was the data breach investigations report 2020 based on?

Every year Verizon, the large US telecommunications company, produces its data breach investigations report or DBIR. And in this they look at cyber security incidents that are reported by their customers all across the globe and they get into some great detail on these incidents. This year it’s based on 32,000 cyber security incidents, where there was nearly 4,000 data breaches involved.

So for big businesses, yeah?

So you might think, this is a big business thing, it’s not for small companies. But 28% of the incidents of data breaches affected small businesses.

And you’ll be wondering why that might be? Well the greatest motivation for these data breaches was financial. They want money and that was 86% of the data breaches were financially motivated. So they just want money. They don’t care how big or small you are.

Anything else?

Some other interesting figures in there, while 70% were carried out by external actors, 30% were internal. So that could be maybe a disgruntled employee may have carried out the data breach or perhaps staff could have made mistakes. Which is possible because 22% of data breaches were as a result of a mistake being made.

So make sure your staff are properly trained in how to handle data, to protect it at all costs and if there is a breach, to report it appropriately and get it handled.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

The post #WeekendWisdom 029 Data Breach Investigations Report 2020 appeared first on L2 Cyber Security Solutions Ltd..

The Annual Data Breach report is out.

Liam — Tue, 02 May 2017 15:41:30 +0000

This probably won’t have shown up in your mailbox or in the media that you consume, whether virtual or physical. In the Cyber Security game, the annual Data Breach Investigation Report (DBIR) from Verizon is required reading. This is it’s tenth year in circulation and it grows every year. It’s nothing like the typical surveys that you will see from consulting or security companies that are trying to scare you into doing business with them. No. The DBIR is about what has actually happened across a large selection of disparate industries.

So this is all about the facts, Mam. ?

At it’s heart, this report is made of data from 65 organizations, which in 2016 had just over 42,000 incidents ?, which resulted in some 1,935 breaches ?. It’s a fairly global picture too, with the incidents and breaches coming from 84 countries.

Just for clarity, they define these terms as follows:

Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.

Breach: An incident that results in the confirmed disclosure – not just potential exposure – of data to an unauthorised party.

So here are some of the highlights from this data breach report:

The top industries affected were Financial Services (24%), Healthcare (15%), Retail/Accomodation (15%) and Public Sector (12%).
66% of malicious software (malware) was installed via e-mail attachments.
Hacking was used in 62% of the breaches and of these, 81% leveraged stolen and/or weak passwords. Come on folks. Seriously – Commandment 8 anybody?
75% of the breaches were carried out by people external to the victim companies and half of them were affiliated with organised criminal groups.
27% of the breaches were uncovered by third parties, so in over a quarter of the cases, the victims were unaware until somebody else told them.

Other interesting facts from the report highlight the types of incident/breach which is most targeted at different industries:

Accommodation/Food was mainly targeted for Point-of-Sale (POS) breaches, which is purely financially motivated.
Financial/Insurance were targeted by Denial-of-Service attacks, however there was also a large incidence of Banking passwords being stolen and ATM cards being skimmed (see my previous blog post for more on skimming). So again these breaches are of the financial type.
Manufacturing was interesting. The greatest number of breaches in this sector were for espionage purposes. So in this case, the evil doers were using a data breach to mine information from their target.

Finally, Ransomware (the type of malicious software (malware) that scrambles all of your files and demands you pay money to get the key to unscramble them) has gone from being the 22nd most common malware in 2014 to being the 5th most prevalent in 2016. Ransomware campaigns targeted Public Sector, Healthcare and Financial Services (in that order) in 2016. All I can advise is that you follow Commandment 4 and Commandment 5 and you should not be overly concerned about Ransomware.

Have you any concerns about any of the above? If so, then pop an e-mail to info@L2CyberSecurity.com and we will make contact to discuss in simple terms what you need to do to help allay your worries.