Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.
Verizon just put out its annual Data Breach Investigations Report (DBIR). The company reviewed 32,002 security incidents and confirmed 3,950 data breaches across 16 industries. These reports are good at surfacing insights that help you keep yourself secure. Here are five takeaways from the DBIR to know about data breaches.
- It's coming from inside the enterprise. Internal error-related breaches doubled to their highest level yet. Some of this may be due to improved reporting thanks to laws like the GDPR. Some, but not all.
- It's getting personal. Email addresses, names, phone numbers, etc. Personal data was involved in 58% of breaches, again twice the percentage of last year, although improved reporting may account for some of that rise.
- It's because humans. More than 67% of breaches were the result of credential theft like phishing, social attacks, or just plain human error. Increased reporting or no, the percentage that's our fault stayed steady.
- It's moving to the web. Attacks on web apps doubled to be part of 43% of breaches, which makes sense: as we move to web apps, the attackers follow. Less than 20% of the breaches were because of vulnerabilities. The majority were credentials that were either brute-forced or stolen.
- It's all about the money. Corporate espionage accounts for 10% of breaches. Eighty-six percent are financially motivated, and those headline-grabbing advanced persistent threats? Four percent.
No, it's not great news, but it's not supposed to be. The DBIR is like going to the doctor--you know they're going to tell you to exercise more and improve your diet, but you always want to look for what changed since the last time you got a checkup so you can hopefully stave off the really bad things.