Every year, Verizon looks at thousands of data breach incidents to pull out valuable information for companies. This includes insights into how hackers are attacking, the malware types they’re using most, and trends in cybersecurity.
This year’s 2020 Data Breach Investigations Report (DBIR) included some big surprises about the types of attacks that are being focused on the most, which malware has hit the #1 spot in popularity, and more.
Any Brisbane area company that wants to ensure their technology is secure and their managed IT security is still properly protecting their data, needs to be aware of the tactics hackers are using and how they are evolving.
A network security plan that was airtight three years ago, may have some vulnerabilities now because of the way hackers have adjusted their strategies.
Cybersecurity is never a “one and done” prospect, it’s an ongoing process that anticipates new needs based upon cyberattack behaviours.
Between July and September of 2019, Australian individuals and small to medium enterprises lost $890,000 per day collectively due to cybercrime.
What should you do to protect yourself against today’s types of cyberattacks? We’ve dug into the Verizon DBIR to bring you several things you need to know to enhance your cybersecurity strategy.
Key Insights from the 2020 Data Breach Investigations Report
As you look through the details from the 2020 Data Breach Investigations Report, you’ll find some commonalities (such as credential theft) that can inform a smart cybersecurity strategy going forward.
The report’s data includes analysis of 3,950 data breaches and 157,525 security incidents across 81 countries. Here are the key takeaways from that data.
The #1 Malware Used is Password Dumpers
While you should still be worried about ransomware (#3) and malware that captures app data (#2), hackers have started going after passwords with a vengeance.
It makes sense, because security software for networks, devices and cloud solutions has become stronger, using behaviour-based methods to detect new malware. This means it’s become harder for hackers to access the data they want.
But, having a user password often bypasses security barriers. The number one malware found to be used in data breaches in 2019 were password dumpers, which seek out databases of usernames and passwords and “dump” them back to the hacker to exploit and sell.
Hackers are Using Multiple Delivery Methods
Approximately 46% of companies in the analysis received all their malware via email, but that leaves over half that saw malware attacks use different vectors. 22% of companies received almost no malware via email.
This is a bit like the “whack-a-mole” game when it comes to cybersecurity. As soon as you secure one entry point, a hacker is trying two or three more.
To be properly safeguarded, you need multi-layered protection in place that can stop malware from multiple entry points.
The main entry points used for malware included:
- Shell script
- Archive
- Java
- PDF file
- Browser app
- Malicious link
- Flash
- Linux app
- OSX app
- Android app
- DLL
Lost or Stolen Credentials are Used in a Majority of Breaches
Another clue that you really need to look at password security this year is that in more than 80% of the data breaches in 2019, hackers used either brute force or compromised login credentials.
The report also found that a significant number of breaches are specifically driven by the desire to steal databases full of user login credentials, then those credentials are deployed for other types of breaches to gain access to email, steal company data, or hack financial accounts.
User Credentials Are the Most Popular Data Sought in Phishing
Another indicator of the drive to steal user credentials and use them for more hacks is the fact that in over 60% of phishing attacks, it’s user login credentials that are the target.
This usually shows up a phishing email asking to reset a password or login to access a shared Office document. The login form may look normal to the user, but it’s spoofed, and the second they log in, a hack using those credentials is typically unleashed automatically.
Cloud Data is Currently Safer Than On-Premises
Another interesting finding in the 2020 Data Breach Investigation Report was that for those who store their data on-premises is that cloud assets were involved in about 24% of the data breaches, while on-premises assets were involved in 70%.
This is a good sign that many cloud vendors are taking security seriously and implementing multiple safeguards to keep user data safe. In 77% of the cloud breaches, it was user credentials that were used to bypass cloud app security.
Those with on-premises equipment storing their data, may want to check their device and network safeguards to ensure they’re fully protected.
Does Your Cybersecurity Plan Need a Check-up?
How long has it been since you’ve had a cybersecurity check-up? Connected Platforms can take a look at your current safeguards and match those against emerging threats to see if there are any vulnerabilities.
Contact our managed IT services Brisbane team today on (07) 3062 6932 for a FREE IT Health Check or for any questions you have about the 2020 Data Breach Investigations Report.