Verizon’s latest Data Breach Investigations Report provides valuable insight into exactly how attacks are carried out, what tactics are working, and how users are helping.
Every year, Verizon Enterprise puts out one of the best pieces of industry data. With tens of thousands of incidents reported, the output from this report is statistically relevant and provides a fair representation of what’s going on in the world of data breaches.
In this year’s DBIR, some key findings came to light about the nature of attacks:
- Phishing was the #1 threat action used in 32% of successful data breaches
- 33% of breaches also included social engineering
- 28% of attacks involved malware
It’s interesting to see phishing, social engineering, and malware each involved in about one-third of data breaches, although it is unlikely to be the same one-third of breaches in each case.
When malware is involved, according to the report, it comes in via email 94% of the time and is an Office document nearly one-half of the time.
The picture painted by Verizon looks very much like users remain a weak link in the security chain: they are the target of attacks and still fall victim to them. Organizations need to tackle this with more than just software security solutions and look to address users by incorporating them into the company security strategy.
By continually putting users through Security Awareness Training, organizations can begin to craft a security culture where users are attentive to the potential risk found in interacting with email and the web.
The Verizon DBIR makes it clear that one attack vector that needs more focus this year by organizations is the user. Empowering users with a security mindset through proper training will reduce the threat surface and risk of breach.