Insights from Verizon’s 2019 Data Breach Report


$40 million stolen from the Binance cryptocurrency exchange yesterday by cybercriminals. Hackers infiltrating hundreds of Amazon merchant accounts late last year. The ongoing impact from the massive 2017 Equifax data breach exposing more than 148 million records.

The hit parade of cybersecurity breaches never lets up in this global, always-on, online world.

Verizon’s 2019 Data Breach Investigations Report (DBIR) provides insight from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private, covering 86 countries. We’ve got some leading cybersecurity experts to help provide a perspective.

Adam Laub, SVP of Product Management, STEALTHbits Technologies, said, “The 2019 Verizon Data Breach Investigations Report did not disappoint in terms of providing an interesting and captivating analysis of the past year’s data breach happenings. While there didn’t appear to be any particularly shocking findings with regards to attack TTPs, motives, industry statistics, or attack timelines, the 2019 DBIR again delivered the message – perhaps indirectly – that the absence of foundation-level and layered security controls, internal security discipline, and general security awareness are the common denominators in the data breach dilemma.”

Data breach report highlights

Verizon’s investigation showed 69% of data breaches were by outsiders and a surprising 34% involved insiders. Organized criminal groups were behind 39% of events and 23% were identified as “nation-states.”

The attacks were wide-ranging, including hacking (52%) and social media attacks (33%). 71% of the attacks were financially motivated, while 25% were identified as espionage.

“The vast majority of security tools focus on user endpoints – laptops, desktops, mobile. But 80-90% of current incidents involve corporate servers, whether on-premises or in the cloud. Analysts like Gartner are stressing that user endpoint security tools are not effective in protecting servers or cloud workloads – in fact, they are dangerous because they provide a false sense of security. Server-side security requires much more attention,” said Satya Gupta, CTO and Co-founder of Virsec.

The report also noted, “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches.”

Who got hacked?

Verizon said 43% of the victims were small businesses, while others included the public sector (16%), healthcare (15%), and the financial industry (10%).

Michael Magrath, Director, Global Regulations & Standards at OneSpan, said, “The use of stolen credentials on banking applications remains common. The authors, like most security experts, recommend multifactor authentication to combat this vector of attack. Until strong customer authentication is mandated through regulation, hackers will continue to steal login credentials. However, with secure, frictionless authentication solutions becoming commonplace, the use of stolen credentials is expected to significantly drop in future reports.”

C-suite executives were also a notable target, with these leaders twelve times more likely to be the victim of social incidents and nine times more likely to be the target of social breaches than in previous years.

“The two most significant trends that stick out to me are the increased targeting of C-level executives and the need for standardization and visibility within organizations. The drastic increase in social attacks on C-level personnel points to the increased demand for cybersecurity awareness in the C-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the executive suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack,” said George Wrenn, CEO of CyberSaint Security.

The Verizon 2019 Data Breach Investigations Report is valuable reading for executives concerned with cybersecurity. You can read the Executive Summary here for further insight.
