{"id":5296,"date":"2019-05-08T10:01:02","date_gmt":"2019-05-08T15:01:02","guid":{"rendered":"https:\/\/3dmerchant.com\/blog\/?p=5296"},"modified":"2021-12-03T03:25:06","modified_gmt":"2021-12-03T08:25:06","slug":"2019-data-breach-report","status":"publish","type":"post","link":"https:\/\/3dmerchant.com\/blog\/merchant-processing-industry-news\/2019-data-breach-report","title":{"rendered":"C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>C-level\n executives increasingly and proactively targeted by social breaches \u2013 \ncorrelating to a rise of social-engineering attacks with financial \nmotivation.<\/li><li>Compromise of web-based email accounts using stolen \ncredentials (98 percent) rising -seen in 60 percent of attacks involving\n hacking a web application.<\/li><li>One quarter of all breaches still associated with espionage.<\/li><li>Ransomware\n attacks still strong, accounting for 24 percent of the malware \nincidents analyzed and ranking #2 in most-used malware varieties.<\/li><li>12th edition of the DBIR includes data from 73 contributors, the highest number since launch.<\/li><li>Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.<\/li><\/ul>\n\n\n\n<p>NEW\n YORK, May  08, 2019  (GLOBE NEWSWIRE) &#8212; C-level executives \u2013 who have \naccess to a company\u2019s most sensitive information, are now the major \nfocus for social engineering attacks, alerts the <a href=\"https:\/\/www.globenewswire.com\/Tracker?data=58yRVKratLituI5oQ6ww_7ul9xNQixvof6IhRsBJa6v-Atv-uDml9b_hHsF-k1P0lrEf34jSVC0RFz0gJTACQcQ-m9kbmZ5wMHLc9V1Suc1ozEFJ5u90dGJ_jg2zFCACMu4ghQLK_0B1h3ADGdH_Lvb8CXkWqMejnKl5QZbd04c=\" rel=\"noreferrer noopener\" target=\"_blank\">Verizon 2019 Data Breach Investigations Report<\/a>.\n Senior executives are 12x more likely to be the target of social \nincidents, and 9x more likely to be the target of social breaches than \nin previous years \u2013 and financial motivation remains the key driver. \nFinancially-motivated social engineering attacks (12 percent of all data\n breaches analyzed) are a key topic in this year\u2019s report, highlighting \nthe critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.<\/p>\n\n\n\n<p>\u201cEnterprises\n are increasingly using edge-based applications to deliver credible \ninsights and experience. Supply chain data, video, and other critical \u2013 \noften personal \u2013 data WILL be assembled and analyzed at&nbsp;eye-blink speed,\n changing how applications utilize secure network capabilities\u201d comments\n George Fischer, president of Verizon Global Enterprise. \u201cSecurity&nbsp;must&nbsp;remain front and center when implementing&nbsp;these new applications and architectures.<\/p>\n\n\n\n<p>\u201cTechnical\n IT hygiene and network security are table stakes when it comes to \nreducing risk. It all begins with understanding your risk posture and \nthe threat landscape, so you can develop and action a solid plan to \nprotect your business against the reality of cybercrime. Knowledge is \npower, and Verizon\u2019s DBIR offers organizations large and small a \ncomprehensive overview of the cyber threat landscape today so they can \nquickly develop effective defense strategies.\u201d<\/p>\n\n\n\n<p>A successful \npretexting attack on senior executives can reap large dividends as a \nresult of their &#8211; often unchallenged &#8211; approval authority, and \nprivileged access into critical systems. Typically time-starved and \nunder pressure to deliver, senior executives quickly review and click on\n emails prior to moving on to the next (or have assistants managing \nemail on their behalf), making suspicious emails more likely to get \nthrough. The increasing success of social attacks such as business email\n compromises (BECs -which represent 370 incidents or 248 confirmed \nbreaches of those analyzed), can be linked to the unhealthy combination \nof a stressful business environment combined with a lack of focused \neducation on the risks of cybercrime.<\/p>\n\n\n\n<p>This year\u2019s findings also \nhighlight how the growing trend to share and store information within \ncost-effective cloud based solutions is exposing companies to additional\n security risks. Analysis found that there was a substantial shift \ntowards compromise of cloud-based email accounts via the use of stolen \ncredentials. In addition, publishing errors in the cloud are increasing \nyear-over-year. Misconfiguration (\u201cMiscellaneous Errors\u201d) led to a \nnumber of massive, cloud-based file storage breaches, exposing at least \n60 million records analyzed in the DBIR dataset. This accounts for 21 \npercent of breaches caused by errors.<\/p>\n\n\n\n<p>Bryan Sartin, executive \ndirector of security professional services at Verizon comments, \u201cAs \nbusinesses embrace new digital ways of working, many are unaware of the \nnew security risks to which they may be exposed. They really need access\n to cyber detection tools to gain access to a daily view of their \nsecurity posture, supported with statistics on the latest cyber threats.\n Security needs to be seen as a flexible and smart strategic asset that \nconstantly delivers to the businesses, and impacts the bottom line.\u201d<\/p>\n\n\n\n<p><strong>Major findings in summary<\/strong><\/p>\n\n\n\n<p>The\n DBIR continues to deliver comprehensive data-driven analysis of the \ncyber threat landscape. Major findings of the 2019 report include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>New analysis from FBI Internet Crime Complaint Center (IC3): <\/strong>Provides\n insightful analysis of the impact of Business Email Compromises (BECs) \nand Computer Data Breaches (CDBs). The findings highlight how BECs can \nbe remedied. When the IC3 Recovery Asset Team acts upon BECs, and works \nwith the destination bank, half of all US-based business email \ncompromises had 99 percent of the money recovered or frozen; and only 9 \npercent had nothing recovered.<\/li><li><strong>Attacks on Human Resource personnel have decreased from last year<\/strong>:\n Findings saw 6x fewer Human Resource personnel being impacted this year\n compared to last, correlating with W-2 tax form scams almost \ndisappearing from the DBIR dataset.<\/li><li><strong>Chip and Pin payment technology has started delivering security dividends:<\/strong>\n The number of physical terminal compromises in payment card related \nbreaches is decreasing compared to web application compromises.<\/li><li><strong>Ransomware attacks are still going strong: <\/strong>They\n account for nearly 24 percent of incidents where malware was used. \nRansomware has become so commonplace that it is less frequently \nmentioned in the specialized media unless there is a high profile \ntarget.<\/li><li><strong>Media-hyped crypto-mining attacks were hardly existent:<\/strong> These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.<\/li><li><strong>Outsider threats remain dominant:<\/strong>\n External threat actors are still the primary force behind attacks (69 \npercent of breaches) with insiders accounting for 34 percent.&nbsp; &nbsp; &nbsp; &nbsp;<\/li><\/ul>\n\n\n\n<p><strong>Putting business sectors under the microscope<\/strong><\/p>\n\n\n\n<p>Once\n again, this year\u2019s report highlights the biggest threats faced by \nindividual industries, and also offers guidance on what companies can do\n to mitigate against these risks.<\/p>\n\n\n\n<p>\u201cEvery year we analyze data \nand alert companies as to the latest cybercriminal trends in order for \nthem to refocus their security strategies and proactively protect their \nbusinesses from cyber threats. However, even though we see specific \ntargets and attack locations change, ultimately the tactics used by the \ncriminals remain the same. There is an urgent need for businesses \u2013 \nlarge and small \u2013 to put the security of their business and protection \nof customer data first. Often even basic security practices and common \nsense deter cybercrime,\u201d comments Sartin.<\/p>\n\n\n\n<p>Industry findings of note include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Educational Services:<\/strong>\n There was a noticeable shift towards financially motivated crime (80 \npercent). 35 percent of all breaches were due to human error and \napproximately a quarter of breaches arose from web application attacks, \nmost of which were attributable to the use of stolen credentials used to\n access cloud-based email.<\/li><li><strong>Healthcare:<\/strong> This \nbusiness sector continues to be the only industry to show a greater \nnumber of insider compared to external attacks (60 versus 42 percent \nrespectively). Unsurprisingly, medical data is 18x more likely to be \ncompromised in this industry, and when an internal actor is involved, is\n it 14x more likely to be a medical professional such as a doctor or \nnurse.<\/li><li><strong>Manufacturing:<\/strong> For the second year in a \nrow, financially motivated attacks outnumber cyber-espionage as the main\n reason for breaches in manufacturing, and this year by a more \nsignificant percentage (68 percent).<\/li><li><strong>Public Sector:<\/strong> Cyber-espionage rose this year &#8211; however, nearly 47 percent of breaches were only discovered years after the initial attack.<\/li><li><strong>Retail:<\/strong>\n Since 2015, Point of Sale (PoS) breaches have decreased by a factor of \n10, while Web Application breaches are now 13x more likely.<\/li><\/ul>\n\n\n\n<p>(More findings on all individual industries may be located in the <a href=\"https:\/\/www.globenewswire.com\/Tracker?data=soiWjtadodJrl_dWqKiY7UyD1cDG7w5VaAnALYh5MzHSoxjGSzeTfA_1_vJaQR6kvCntibP41OGf1pyLojtXo55PPN0_G_k05cpllqJkzdLq72Ruy21h3yCSTR67cjTy\" rel=\"noreferrer noopener\" target=\"_blank\">full report<\/a>.)&nbsp;<\/p>\n\n\n\n<p><strong>More data from highest number of contributors ever means deeper insights<\/strong><\/p>\n\n\n\n<p>\u201cWe\n are privileged to include data from more contributors this year than \never before, and had the pleasure of welcoming the FBI into our fold for\n the very first time,\u201d adds Sartin. \u201cWe are able to provide the valuable\n insights from our DBIR research as a result of the participation of our\n renowned contributors. We would like to thank them all for their \ncontinued support and welcome other organizations from around the world \nto join us in our forthcoming editions.\u201d<\/p>\n\n\n\n<p>This is the 12<sup>th<\/sup>\n edition of the DBIR and boosts the highest number of global \ncontributors so far &#8211; 73 contributors since its launch in 2008. It \ncontains analysis of 41,686 security incidents, which includes 2,013 \nconfirmed breaches. With this increase of contributors Verizon saw a \nsubstantial increase of data to be analyzed, totaling approximately 1.5 \nbillion data points of non-incident data.<\/p>\n\n\n\n<p>This year\u2019s report \nalso debuts new metrics and reasoning which helps identify which \nservices are seen as the most lucrative for attackers to both scan for \nand attack at scale. This analysis is based on honeypot and internet \nscan data.<\/p>\n\n\n\n<p>The complete Verizon 2019 Data Breach Investigations Report as well as Executive summary is available on the DBIR <a href=\"https:\/\/www.globenewswire.com\/Tracker?data=X4RuhgidxdqFmO03wo5stDiLhQG6FAqmotfYUlBgRO7NwO3SCLhyRHXQHDVdxwSXfnkN9WV5ZJsJDFWCpP0T1u36H7nao_vEHoymKlTn7nXRiu6JGtEQJkIpocr8Kb-E\" rel=\"noreferrer noopener\" target=\"_blank\">resource page<\/a>. Any organization wishing to become a DBIR contributor should contact dbir@verizon.com for further information.<\/p>\n\n\n\n<p><strong>About Verizon\u2019s security services and solutions<br><\/strong>Verizon\n is a leader in delivering global managed security solutions to \nenterprises in the financial services, retail, government, technology, \nhealthcare, manufacturing, and energy and transportation sectors. \nVerizon combines powerful intelligence and analytics with an expansive \nbreadth of professional and managed services, including customizable \nadvanced security operations and managed threat protection services, \nnext-generation commercial technology monitoring and analytics, threat \nintel and response service and forensics investigations and identity \nmanagement. Verizon brings the strength and expert knowledge of more \nthan 550 consultants across the globe to proactively reduce security \nthreats and lower information risks to organizations.<\/p>\n\n\n\n<p>Verizon \nCommunications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, \ngenerated revenues of $130.9 billion in 2018. The company operates \nAmerica\u2019s most reliable wireless network and the nation\u2019s premier \nall-fiber network, and delivers integrated solutions to businesses \nworldwide. With brands like Yahoo, TechCrunch and HuffPost, the \ncompany\u2019s media group helps consumers stay informed and entertained, \ncommunicate and transact, while creating new ways for advertisers and \npartners to connect. Verizon\u2019s corporate responsibility prioritizes the \nenvironmental, social and governance issues most relevant to its \nbusiness and impact to society.<\/p>\n\n\n\n<p>VERIZON\u2019S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at <a href=\"https:\/\/www.globenewswire.com\/Tracker?data=KvoSSfFj_sgySJiCUYCITzChkfAZ1qe_rQfRLhmC6OYQQcOpVc4kJyS8Cw3i7_4aXMbivgTh629f1VFHFeJSzXgFJ2aD3ySMM5I6yHRKrBV-qfvrWyWc8Bs08RIar_4M\" rel=\"noreferrer noopener\" target=\"_blank\">www.verizon.com\/about\/news\/<\/a>. News releases are also available through an RSS feed. To subscribe, visit <a href=\"https:\/\/www.globenewswire.com\/Tracker?data=KvoSSfFj_sgySJiCUYCITzChkfAZ1qe_rQfRLhmC6OYDgAirk6JmaJFkN7c02gGUlKj75kbN_R751eSxJ6WOD4p3Lo5pttQBgs1seYQ_AE4rqihQzIEYd35wPFfneyyp\" rel=\"noreferrer noopener\" target=\"_blank\">www.verizon.com\/about\/rss-feeds\/<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>C-level executives increasingly and proactively targeted by social breaches \u2013 correlating to a rise of social-engineering attacks with financial motivation. Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a &hellip; <a href=\"https:\/\/3dmerchant.com\/blog\/merchant-processing-industry-news\/2019-data-breach-report\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[558,41],"class_list":["post-5296","post","type-post","status-publish","format-standard","hentry","category-merchant-processing-industry-news","tag-data-breach-report","tag-data-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/comments?post=5296"}],"version-history":[{"count":1,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5296\/revisions"}],"predecessor-version":[{"id":5297,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5296\/revisions\/5297"}],"wp:attachment":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/media?parent=5296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/categories?post=5296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/tags?post=5296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}