5 Biggest Takeaways from Verizon’s 2020 Data Breach Investigations Report


The threat landscape is always shifting with new cyberthreats arising all the time. For Ontario businesses to ensure their IT infrastructure is protected, it’s important to stay aware of the biggest current threats.

One way we do this is by staying up to date on industry reports when it comes to data and network security. They provide excellent insights into what you need to safeguard against, what old threats are back, and where hackers are focusing their attention.

Verizon’s 2020 Data Breach Investigations Report (DBIR) has some great takeaways on tactics that hackers are using to compromise business networks and user behaviors that are leaving networks at risk.

The report covers data from 81 different countries over 32,002 cybersecurity incidents and 3,950 data breaches. It answers questions that can inform IT security planning, like “Which tactics are used most in data breaches?” and “What are data breach commonalities?”

Following are the biggest takeaways from the report that can help you identify any weaknesses in your own cybersecurity strategy.

Important Data Breach Statistics to Inform Your Security Strategy

Data breaches and other IT security incidents can be devastating for businesses. Downtime costs, compliance violations, and data loss all add up to major losses.

In Canada, the average cost of a data breach for businesses is CA$5.8 million.

Here are some security facts to be aware of from the 2020 DBIR.

30% of Data Breaches are Due to Insiders

While a majority of data breaches come from outside your company (hackers or organized criminal groups), a significant percentage of them involve insiders.

An insider doesn’t necessarily have to be an employee acting maliciously; it can also be a hacker who has managed to steal employee login credentials.

Insider attacks are a serious threat to watch for because they’re more difficult to detect. A user with legitimate login credentials can be breaching records for quite a while before being found out.

To protect against this threat, credential security is important. This includes things like:

Web Applications are Involved in 43% of Data Breaches

Hackers are increasingly going after company cloud accounts accessed by web applications. 

Once a hacker can breach an account, they can often gain access to large amounts of data (e.g. in a cloud storage account) and sometimes email accounts, which they use to send phishing attacks.

Ways to protect web applications include:

  • Keeping applications updated
  • Not using any questionable plugins on a WordPress site
  • Not clicking links in emails to get to a sign-in form (these can often be phishing)

Document Misdelivery is the #4 Threat Action for Breaches

The report lays out the top threat action varieties used in data breaches, and as you would expect, phishing is number one. But number four is a bit surprising: it’s misdelivery of documents, which is the cause of approximately 10% of breaches.

Misdelivery is when a sensitive document or email ends up in the wrong hands by accident. 

This can often happen when there aren’t good document security policies in place. Better user training and automated document security tools (like Microsoft 365 sensitivity labels) can help prevent data breaches caused by misdelivery.

Password Dumpers Make Up 40% of Malware Used in Breaches

The number one malware that’s used in data breaches is a password dumper. This type of malicious program looks for ways to grab as many user login credentials as possible by accessing things like a web app or a single sign-on application.

The malware saves login details including the encryption keys and then dumps them from memory, giving the hacker an entire database of usable login credentials to sell on the Dark Web.

Some of the ways to safeguard against password dumpers are:

  • Use tools that watch for unknown IP address connections
  • For domain controllers, monitor for unscheduled activity
  • Protect databases from unauthorized access

On-Premises Assets are Breached Much More Than Cloud

A company’s on-premises technology is at much greater risk of a breach than its cloud assets. Data breaches involved on-premises assets 70% of the time, while cloud data was breached 24% of the time.

This shows the disparity between the security put in place by cloud platform providers, who have multiple customers to worry about, and by companies themselves when it comes to protecting onsite data.

Safeguards for on-premises technology assets include using a next-gen firewall and ensuring that remote connections to your server or other onsite equipment are properly secured.

One way to do this would be to set up an approved list of user IP addresses that can connect to your resources remotely and block any connections from other IP addresses.
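As an added illustration (not from the DBIR or the original article), the approved-list check described above can be run over connection logs, which also covers the earlier advice to watch for unknown IP address connections. The address ranges, log format, and function names below are constructed assumptions for the example.

```python
import ipaddress

# Constructed allowlist (documentation address ranges, not real offices).
APPROVED = [ipaddress.ip_network(n) for n in
            ("198.51.100.0/28", "203.0.113.25/32", "2001:db8:10::/48")]

# Constructed sample log: "<timestamp> <source address> <service>".
SAMPLE_LOG = """\
2020-06-01T08:02:11Z 198.51.100.7 rdp
2020-06-01T08:05:40Z 192.0.2.44 rdp
2020-06-01T08:09:02Z ::ffff:203.0.113.25 ssh
2020-06-01T08:11:30Z 2001:db8:99::5 ssh
2020-06-01T08:12:00Z not-an-ip ssh
"""

def normalize(text):
    """Parse an address; unwrap IPv4-mapped IPv6 so it matches IPv4 entries."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def is_approved(text, approved=APPROVED):
    """Default deny: anything unparseable or not listed is rejected."""
    try:
        addr = normalize(text)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in approved)

def unknown_connections(log_text, approved=APPROVED):
    """Return (timestamp, source, service) for each connection to block or review."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or differently shaped lines in this sketch
        ts, src, svc = parts
        if not is_approved(src, approved):
            flagged.append((ts, src, svc))
    return flagged

if __name__ == "__main__":
    for ts, src, svc in unknown_connections(SAMPLE_LOG):
        print(f"BLOCK/REVIEW {ts} {src} -> {svc}")
```

The IPv4-mapped case matters on dual-stack servers, where an approved IPv4 client can show up in logs as `::ffff:a.b.c.d` and would otherwise be flagged or blocked by mistake.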

Is Your Cybersecurity Plan Updated for the Latest Threats?

The cybersecurity plan you put in place four years ago may not have you properly protected against today’s biggest threats. Haxxess can review your current plan and let you know where you stand.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
