Request Demo

News Coverage

Insights from Verizon’s 2019 Data Breach Report

down-arrow

$40 million stolen from the Binance cryptocurrency exchange yesterday by cybercriminals. Hackers infiltrating hundreds of Amazon merchant accounts late last year. The ongoing impact from the massive 2017 Equifax data breach exposing more than 148 million records.

The hit parade of cybersecurity breaches never lets up in this global, always-on, online world.

Verizon's 2019 Data Breach Investigations Report analyzed more than 41,000 data breaches worldwide.Verizon’s 2019 Data Breach Investigations Report (DBIR) provides insight from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private, covering 86 countries. We’ve got some leading cybersecurity experts to help provide a perspective.

Adam Laub, SVP of Product Management, STEALTHbits Technologies said, “The 2019 Verizon Data Breach Investigations Report did not disappoint in terms of providing an interesting a captivating analysis of the past year’s data breach happenings. While there didn’t appear to be any particularly shocking findings with regards to attack TTPs, motives, industry statistics, or attack timelines, the 2019 DBIR again delivered the message – perhaps indirectly – that the absence of foundation-level and layered security controls, internal security discipline, and general security awareness are the common denominators in the data breach dilemma.”

Data breach report highlights

69% of data breaches were by outsiders and a surprising 34% involved insiders.

Verizon’s investigation showed 69% of data breaches were by outsiders and a surprising 34% involved insiders. Organized criminal groups were behind 39% of events and 23% were identified as “nation-states.”

The variety of attacks were wide-ranging including hacking (52%) and social media attacks (33%). 71% of the attacks were financially motivated while 25% were identified as espionage.

“The vast majority of security tools focus on user endpoints – laptops, desktops, mobile. But 80-90% of current incidents involve corporate servers, whether on-premises or in the cloud. Analysts like Gartner are stressing that user endpoint security tools are not effective in protecting servers or cloud workloads – in fact, they are dangerous because they provide a false sense of security. Server-side security requires much more attention,” said Satya Gupta, CTO, and Co-founder of Virsec.

The report also noted, “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches.”

Who got hacked?

43% of the victims were small business while others included public sector (16%), healthcare (15%), and the financial industry (10%).

Verizon said 43% of the victims were small business while others included public sector (16%), healthcare (15%), and the financial industry (10%).

Michael Magrath, Director, Global Regulations & Standards at OneSpan said, “The use of stolen credentials on banking applications remain common. The authors, like most security experts, recommend multifactor authentication to combat this vector of attack.  Until strong customer authentication is mandated through regulation, hackers will continue to steal login credentials. However, with secure, frictionless authentication solutions becoming commonplace, the use of stolen credentials is expected to significantly drop in future reports.”

C-suite executives were 12 times more likely to be the victim of social incidents and 9 times more likely to be the target of social breaches

C-suite executives were also a notable target with these leaders twelve times more likely to be the victim of social incidents and nine times more likely to be the target of social breaches than in previous years.

“The two most significant trends that stick out to me are the increased targeting of C-level executives and the need for standardization and visibility within organizations. The drastic increase in social attacks on C-level personnel points to the increased demand for cybersecurity awareness in the C-suite. More and more we are seeing information security leaders brought into business side discussions to provide cyber-focused insights and feedback on business strategy. The flywheel effect at work – involvement of cyber leaders and increased awareness in the executive suite – has an ongoing positive effect, a necessary change given that personnel, as well as systems, are under attack,” said George Wrenn, CEO of CyberSaint Security.

The Verizon 2019 Data Breach Investigations Report is valuable reading for executives concerned with cybersecurity. You can read the Executive Summary here for further insight.

You may also like

CyberSaint Releases Governance ...
on July 9, 2019

BOSTON--(BUSINESS WIRE)--CyberSaint Security, the developer of the industry’s leading platform for automated, intelligent risk and compliance, today announced the general ...

Downgrade Of Equifax By Moody’s ...
on May 28, 2019

In response to this week’s downgrade by Moody’s of Equifax as a result of its 2017 massive breach of consumer data, six cybersecurity and risk experts offer perspective on this ...

Insights from Verizon’s 2019 Data ...
on May 9, 2019

$40 million stolen from the Binance cryptocurrency exchange yesterday by cybercriminals. Hackers infiltrating hundreds of Amazon merchant accounts late last year. The ongoing ...

CyberSaint Introduces First ...
on April 16, 2019

New CyberStrong™ integrated risk management platform capabilities deliver actionable vulnerability intelligence, single sign-on (SSO), various hosting options, and customer-facing ...

Should There Be ‘Safe Harbor’ ...
on February 20, 2019

Sometimes, you do the best you can, but things happen anyway. You follow all the best practices, all your systems are locked down, you spend twice as much as your peers on ...

Data Center Knowledge
CyberStrong Integrated Risk ...
on February 19, 2019

BOSTON--(BUSINESS WIRE)--CyberSaint Security, a cybersecurity software firm that powers automated, intelligent compliance and risk management, today announced that the company ...