C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report

  • C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
  • Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a web application.
  • One quarter of all breaches still associated with espionage.
  • Ransomware attacks still strong, accounting for 24 percent of the malware incidents analyzed and ranking #2 in most-used malware varieties.
  • 12th edition of the DBIR includes data from 73 contributors, the highest number since launch.
  • Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.

NEW YORK, May 08, 2019 (GLOBE NEWSWIRE) — C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks, alerts the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.

“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical – often personal – data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities” comments George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures.

“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”

A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECs -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.

This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.

Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”

Major findings in summary

The DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2019 report include:

  • New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
  • Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
  • Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
  • Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
  • Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
  • Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.       

Putting business sectors under the microscope

Once again, this year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks.

“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats. However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime,” comments Sartin.

Industry findings of note include:

  • Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
  • Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
  • Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
  • Public Sector: Cyber-espionage rose this year – however, nearly 47 percent of breaches were only discovered years after the initial attack.
  • Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.

(More findings on all individual industries may be located in the full report.) 

More data from highest number of contributors ever means deeper insights

“We are privileged to include data from more contributors this year than ever before, and had the pleasure of welcoming the FBI into our fold for the very first time,” adds Sartin. “We are able to provide the valuable insights from our DBIR research as a result of the participation of our renowned contributors. We would like to thank them all for their continued support and welcome other organizations from around the world to join us in our forthcoming editions.”

This is the 12th edition of the DBIR and boosts the highest number of global contributors so far – 73 contributors since its launch in 2008. It contains analysis of 41,686 security incidents, which includes 2,013 confirmed breaches. With this increase of contributors Verizon saw a substantial increase of data to be analyzed, totaling approximately 1.5 billion data points of non-incident data.

This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.

The complete Verizon 2019 Data Breach Investigations Report as well as Executive summary is available on the DBIR resource page. Any organization wishing to become a DBIR contributor should contact dbir@verizon.com for further information.

About Verizon’s security services and solutions
Verizon is a leader in delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, and energy and transportation sectors. Verizon combines powerful intelligence and analytics with an expansive breadth of professional and managed services, including customizable advanced security operations and managed threat protection services, next-generation commercial technology monitoring and analytics, threat intel and response service and forensics investigations and identity management. Verizon brings the strength and expert knowledge of more than 550 consultants across the globe to proactively reduce security threats and lower information risks to organizations.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated revenues of $130.9 billion in 2018. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. With brands like Yahoo, TechCrunch and HuffPost, the company’s media group helps consumers stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. Verizon’s corporate responsibility prioritizes the environmental, social and governance issues most relevant to its business and impact to society.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at www.verizon.com/about/news/. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Insiders Cause More than 50% of Data Breaches, Reveals Netwrix IT Risks Report

In terms of main threat actors, expectation rarely matches reality, because most incidents were caused by insider mistakes rather than hacker attacks, as assumed by most respondents.

IRVINE, Calif., Oct. 2, 2018 /PRNewswire/ — Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments, today announced the release of its global 2018 IT Risks Report. This year, Netwrix conducted an in-depth study of the major IT risks that are significant for most organizations and assessed respondents’ readiness to withstand cyber threats.

The report is based on the feedback of 1,558 organizations of various sizes from many different regions and industries. It summarizes the experiences and plans the organizations have in regard to addressing six IT risks: physical damage, intellectual property theft, data loss, data breach, system disruption and compliance penalties.

The report reveals the following key findings:

  • Most companies consider hacker attacks to be the most dangerous threat, but in fact, insiders cause the majority of security incidents by either malicious or accidental actions.
  • Not all critical security controls are reviewed regularly as required by best practices. The most neglected controls include getting rid of stale and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20% and 14% of organizations, respectively.
  • Although 70% of companies have done IT risk assessment at least once, only 33% re-evaluate their IT risks regularly.
  • 44% of respondents either do not know or are unsure of what their employees are doing with sensitive data.
  • Nonetheless, over 60% of respondents think that their level of visibility is high enough, which lulls them into a false sense of security.
  • Only 17% of organizations have an actionable incident response plan; 42% have only a draft or have no plan at all.

“Our report illustrates that the foremost reason why the organizations fail to address major IT risks lies in a lax approach to security basics. They are giving priority to some controls and are leaving the most important ones out of scope. Haphazard approach to security basics and poor visibility into sensitive data gives IT pros a false sense of security. However, paying more attention to all security basics can help organizations manage IT risks with more success,” said Steve Dickson, CEO of Netwrix.

To learn more about the IT risks organizations face today, please visit: www.netwrix.com/go/it_risks_in_2018.

About Netwrix Corporation

Netwrix Corporation is a software company focused exclusively on providing IT security and operations teams with pervasive visibility into user behavior, system configurations and data sensitivity across hybrid IT infrastructures to protect data regardless of its location. Over 9,000 organizations worldwide rely on Netwrix to detect and proactively mitigate data security threats, pass compliance audits with less effort and expense, and increase the productivity of their IT teams.

Founded in 2006, Netwrix has earned more than 140 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.

For more information, visit www.netwrix.com.

IBM Study: Hidden Costs of Data Breaches Increase Expenses for Businesses

Study for First Time Calculates the Full Cost of “Mega Breaches,” as High as $350 Million

CAMBRIDGE, Mass., July 11, 2018 /PRNewswire/ — IBM (NYSE: IBM) Security today announced the results of a global study examining the full financial impact of a data breach on a company’s bottom line. Overall, the study found that hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage. For example, the study found that one-third of the cost of “mega breaches” (over 1 million lost records) were derived from lost business.

Sponsored by IBM Security and conducted by Ponemon Institute, the 2018 Cost of a Data Breach Study1 found that the average cost of a data breach globally is $3.86 million,2 a 6.4 percent increase from the 2017 report. Based on in-depth interviews with nearly 500 companies that experienced a data breach, the study analyzes hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.

This year for the first time, the study also calculated the costs associated with “mega breaches” ranging from 1 million to 50 million records lost, projecting that these breaches cost companies between $40 million and $350 million respectively.

“While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS). “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”

Hidden Figures – Calculating the Cost of a Mega Breach
In the past five years, the amount of mega breaches (breaches of more than 1 million records) has nearly doubled – from just nine mega breaches in 2013, to 16 mega breaches in 2017.3 Due to the small amount of mega breaches in the past, the Cost of a Data Breach study historically analyzed data breaches of around 2,500 to 100,000 lost records.

Based on analysis of 11 companies experiencing a mega breach over the past two years, this year’s report uses statistical modelling to project the cost of breaches ranging from 1 million to 50 million compromised records.  Key findings include:

  • Average cost of a data breach of 1 million compromised records is nearly $40 million dollars
  • At 50 million records, estimated total cost of a breach is $350 million dollars
  • The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks (as opposed to system glitches or human error)
  • The average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days)

For mega breaches, the biggest expense category was costs associated with lost business, which was estimated at nearly $118 million for breaches of 50 million records – almost a third of the total cost of a breach this size. IBM analyzed the publicly reported costs of several high profile mega breaches, and found the reported numbers are often less than the average cost found in the study.4 This is likely due to publicly reported cost often being limited to direct costs, such as technology and services to recover from the breach, legal and regulatory fees, and reparations to customers.

What Impacts the Average Cost of a Data Breach?
For the past 13 years, the Ponemon Institute has examined the cost associated with data breaches of less than 100,000 records, finding that the costs have steadily risen over the course of the study.  The average cost of a data breach was $3.86 million in the 2018 study, compared to $3.50 million in 2014 – representing nearly 10 percent net increase over the past 5 years of the study.

The study also examines factors which increase or decrease the cost of the breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time.

  • The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days.
  • Companies who contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days ($3.09 million vs. $4.25 million average total)

The amount of lost or stolen records also impacts the cost of a breach, costing $148 per lost or stolen record on average. The study examined several factors which increase or decrease this cost:

  • Having an incident response team was the top cost saving factor, reducing the cost by $14 per compromised record
  • The use of an AI platform for cybersecurity reduced the cost by $8 per lost or stolen record
  • Companies that indicated a “rush to notify” had a higher cost by $5 per lost or stolen record

This year for the first time, the report examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach ($2.88 million, compared to $4.43 million for those who had not deployed security automation.)

Regional and Industry Differences
The study also compared the cost of data breaches in different industries and regions, finding that data breaches are the costliest in the U.S. and the Middle East, and least costly in Brazil and India.

  • U.S. companies experienced the highest average cost of a breach at $7.91 million, followed by the Middle East at $5.31 million.
  • Lowest total cost of a breach was $1.24 million in Brazil, followed by $1.77 million in India.

One major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was $4.2 million – more than the total average cost of a breach globally, and more than double the amount of “lost business costs” compared to any other region surveyed. One major factor impacting lost business costs is customer turnover in the aftermath of a breach; in fact a recent IBM / Harris poll report found that 75 percent of consumers in the U.S. say that they will not do business with companies that they do not trust to protect their data.

For the 8th year in a row, Healthcare organizations had the highest costs associated with data breaches – costing them $408 per lost or stolen record – nearly three times higher than the cross-industry average ($148).

“The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”

Download Full Reports & Register for the Webinar
To download the 2018 Cost of a Data Breach Study: Global Overview, visit https://www.ibm.com/security/data-breach/

To view the digital infographic with study highlights, visit: https://costofadatabreach.mybluemix.net

To register to attend the IBM Security and Ponemon Institute webinar on July 26th at 11 a.m. ET, visit: https://ibm.biz/BdYDvf

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and has been granted more than 8,000 security patents worldwide. For more information, please check www.ibm.com/security, follow IBMSecurity on Twitter or visit the IBM Security Intelligence blog.

Media Contact:
Cassy Lalan
IBM Security Communications
319-230-2232
cllalan@us.ibm.com

1 Data collection began February 2017 and interviews were completed in April 2018
2 Average cost for data breaches of 2,500-100,000 lost or stolen records
3 Source: IBM analysis of Privacy Rights Clearinghouse’s Chronology of Data Breaches
4 Equifax data breach reported to cost company $275 million; Target 2016 financial report estimated $292 million loss as a result of 2013 data breach; Ruby Corp (the parent company of Ashley Madison) reportedly paid $11.2 million for the settlement of its 2015 breach.

 

SOURCE IBM

Ransomware still a top cybersecurity threat, warns Verizon 2018 Data Breach Investigations Report

Ransomware attacks double since 2017, and now target business critical systems

  • Ransomware is the more prevalent variety of malicious software, found in 39 percent of malware-related cases.
  • Human factor continues to be a weakness: financial pretexting and phishing attacks now target Human Resource (HR) departments.
  • 11th edition of the DBIR includes data from 67 contributing organizations, with analysis on over 53,000 incidents and 2,216 breaches from 65 countries.

NEW YORK, April 10, 2018 (GLOBE NEWSWIRE) — Ransomware attacks are a key cybersecurity threat for global organizations, warns Verizon’s 2018 Data Breach Investigations Report (DBIR). Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents. What’s more, Verizon’s analysis show that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests.

DBIR analysis also flags a shift in how social attacks, such as financial pretexting and phishing, are used. Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates.

“Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies,” says George Fischer, president of Verizon Enterprise Solutions. “Verizon gives businesses data-driven, real-life views on the cyber-threat landscape, not only through the DBIR series but also via our comprehensive range of intelligent security solutions and services. This 11th edition of the DBIR gives in-depth information and analysis on what’s really going on in cybercrime, helping organizations to make intelligent decisions on how best to protect themselves.”

Major findings in summary

The 11th edition of the DBIR continues to deliver comprehensive data-driven analysis of the cyber threat landscape. Major findings of the 2018 report include:

  • Ransomware is the most prevalent variety of malicious software: It was found in 39 percent of malware-related cases examined this year, moving up from fourth place in the 2017 DBIR (and 22nd in 2014). Most importantly, based on Verizon’s dataset it has started to impact business critical systems rather than just desktops. This is leading to bigger ransom demands, making the life of a cybercriminal more profitable with less work.
  • The human factor continues to be a key weakness: Employees are still falling victim to social attacks. Financial pretexting and phishing represent 98 percent of social incidents and 93 percent of all breaches investigated – with email continuing to be the main entry point (96 percent of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.
  • Financial pretexting targets HR: Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed this year (compared to just 61 incidents in the 2017 DBIR). Eighty eight of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.
  • Phishing attacks cannot be ignored: While on average 78 percent of people did not fail a phishing test last year, 4 percent of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.
  • DDoS attacks are everywhere: DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress. They are powerful, but also manageable if the correct DDoS mitigation strategy is in place.
  • Most attackers are outsiders: One breach can have multiple attackers and we found the following: 72 percent of attacks were perpetrated by outsiders, 27 percent involved internal actors, 2 percent involved partners and 2 percent feature multiple partners. Organized crime groups still account for 50 percent of the attacks analyzed.

“Ransomware remains a significant threat for companies of all sizes,” says Bryan Sartin, executive director security professional services, Verizon. “It is now the most prevalent form of malware, and its use has increased significantly over recent years. What is interesting to us is that businesses are still not investing in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom – the cybercriminal is the only winner here! As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves.”

Sartin continued: “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.”

Biggest risks per industries analyzed

This year’s report highlights the biggest threats faced by individual industries, and also offers guidance on what companies can do to mitigate against these risks. Key industry findings include:

  • Education – Social engineering targeting personal information is high, which is then used for identity fraud. Highly sensitive research is also at risk, with 20 percent of attacks motivated by espionage. Eleven percent of attacks also have “fun” as the motive rather than financial gain.
  • Financial and insurance – Payment card skimmers installed on ATMs are still big business; however, we’re also now seeing a rise in “ATM jackpotting,” where fraudulently installed software or hardware instructs the ATMs to release large amounts of cash. DDoS attacks are also a threat.
  • Healthcare – This is the only industry where insider threats are greater than threats from the outside. Human error remains a major contributor to healthcare risks.
  • Information1 – DDoS attacks account for over half (56 percent) of the incidents within this sector.
  • Public sector – Cyber-espionage remains a major concern, with 43 percent of breaches being espionage motivated. However, it is not only state-secrets that are a target – personal data is also at risk.

Other industries examined within the report include accommodation and food services; professional, technical and scientific services; and manufacturing and retail.

_________________________
1 Publishers, motion picture and sound recording companies

The time to act is NOW

Sixty-eight percent of breaches took months or longer to discover, even though 87 percent of the breaches examined had data compromised within minutes or less of the attack taking place. While safety cannot be guaranteed, proactive steps can be taken to help keep organizations from being victims. These are:

  1. Stay vigilant – log files and change management systems can give you early warning of a breach.
  2. Make people your first line of defense – train staff to spot the warning signs.
  3. Keep data on a “need to know” basis – only employees that need access to systems to do their jobs should have it.
  4. Patch promptly – this could guard against many attacks.
  5. Encrypt sensitive data – make your data next to useless if it is stolen.
  6. Use two-factor authentication – this can limit the damage that can be done with lost or stolen credentials.
  7. Don’t forget physical security – not all data theft happens online.

Still the most authoritative data-driven cybersecurity report around

Now in its 11th year, the Verizon 2018 Data Breach Investigations Report leverages collective data from 67 organizations across the world. This year’s report includes analysis on 53,000 incidents and 2,216 breaches from 65 countries. The DBIR series continues to be one of the most data-driven security publications on the globe, combining data from multiple sources towards a common goal – slicing through the fear, uncertainty and doubt around cybercrime.

Verizon will be showcasing its latest intelligent security solutions, including the recently launched Verizon Risk Report, at RSA 2018 in San Francisco, Moscone North Hall, booth #4121.

About Verizon
Verizon Communications Inc. (NYSE:VZ) (Nasdaq:VZ), headquartered in New York City, generated $126 billion in 2017 revenues. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. Its Oath subsidiary reaches about one billion people around the world with a dynamic house of media and technology brands.

Thieves Found Citigroup Site an Easy Entry for customer data

NY Times reports Hackers get into Citigroup via their customer credit card account management web site. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That compared with 3.8 million records stolen in 2010, according to a report by Verizon and the Secret Service, which investigates credit card fraud along with other law enforcement agencies like the Federal Bureau of Investigation. As a result, the price of data is going up and hackers abound.