Verizon’s 2017 Data Breach Investigations Report

It is the most highly anticipated cyber security report of the year and, for the tenth year running, Verizon has released its annual Data Breach Investigations Report (DBIR). The report is based on data from more than 42,000 security incidents and almost 2,000 breaches.

“Insights provided in the DBIR are levelling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber-risk”.

He continued, “By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile”.

Five points to take away from the 2017 DBIR

  1. Cyber criminals have been targeting smaller companies. 61% of the data breach victims in this year’s report are organisations with fewer than 1,000 employees.
  2. People are still falling for phishing. 1 in 14 users were tricked into clicking a link or opening an attachment. 25% of those went on to be deceived more than once.
  3. Ransomware is growing. 51% of data breaches analysed in the DBIR involved malware. In the 2014 DBIR, ransomware was the 22nd most common form of malware. This year it has jumped up to number five.
  4. 80% of hacking-related breaches used either stolen passwords and/or weak passwords. Social engineering is becoming more and more common as a way for cyber criminals to hack their way into an organisation, and unfortunately far too many organisations are making it easy for them.
  5. Many organisations rely on out-of-date defences. It’s important to know which threats organisations like yours may face so that you can take the necessary steps to prevent them. Take a look at the executive summary for a handy guide to typical threats summarised by industry.

Companies need to have an effective ISMS

The report’s findings stress how important it is to have an effective information security management system (ISMS) in place to protect staff, processes, technology and assets.

Having an ISMS that is aligned to the international cyber security standard, ISO 27001, will help you manage and control the risks associated with data breaches, and help you build strong defences to combat all of the scenarios highlighted. ISO 27001 is applicable to all organisations irrespective of their size, type or nature.

Take a free trial of our ISO 27001 ISMS Documentation Toolkit, which contains customisable templates that will help accelerate your ISO 27001 project as well as providing clear direction on how to build a robust ISMS.