The Verizon Data Breach Investigations Report 2016 (DBIR) was released earlier this week, and its findings aren’t exactly surprising.
Verizon analysed 2,260 breaches and over 100,000 incidents at 67 organisations in 82 countries.
“This year’s study underlines that things are not getting better,” said Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions.
“We continue to see the same kind of attacks exploiting the same vulnerabilities because many organisations still lack basic defences”.
Some key findings were:
- 90% of breaches still fit into nine patterns
- The top ten vulnerabilities accounted for 85% of successful exploit traffic
- Miscellaneous errors were responsible for 17.7% of breaches
- Insider and privilege misuse were responsible for 16.3% of breaches
- In financial services, 88% of breaches involved three patterns: web app attacks, crimeware and denial of service
- In 93% of cases, it took just minutes to get access to a network
One statistic that really stood out to me was that 63% of confirmed data breaches involved attackers exploiting weak, default or stolen passwords.
30% of phishing messages were opened last year – a 7% year-on-year increase – and 12% of recipients went on to click malicious attachments or links that installed malware.
Staff awareness training on phishing is an absolute must for ALL organisations. Phishing is a very effective method used by cyber criminals for two reasons: it’s easy to carry out and, more importantly, it works.