Why do we get so excited about the release of the 2017 Verizon Data Breach Investigations Report (DBIR)? Because, as Verizon says so well, “It is not all bad news for the good guys.” There’s a lot to learn—and a lot to gain—from the 2017 DBIR’s analysis of over 40,000 incidents and almost 2,000 confirmed data breaches. After all, if we don’t learn from our mistakes, we’re doomed to repeat them.
Our Top Takeaways from the 2017 DBIR
- Insider threat remains a huge problem. Internal actors were responsible for 1 in 4 data breaches in 2016. That’s about the same as the previous year. But it’s still an unsettling fact.
- Cybercrime keeps getting more organized and sophisticated. More than half of all attacks (51%) in 2016 involved organized criminal groups. We’ve talked a lot about the innovative black market for cybercrime. As the bad guys increasingly band together and pool knowledge and resources, the attacks grow more targeted, more sophisticated and more effective. The massive WannaCry ransomware attack may not have been particularly effective, but it’s hard to argue that it wasn’t organized.
- State-sponsored hacking and espionage are growing fast. Considering the tumultuous geopolitical events of the last year, it’s probably not surprising to hear that governments are increasingly using hacking as a powerful tool for intelligence—and actually engaging in “cyber warfare.” Almost 1 in 5 attacks (18%) involved state-affiliated actors and 21 percent related to espionage. Just like organized cybercrime, state-sponsored hacking promises to bring big money and resources that will drive innovation in new hacking tools and tactics. Enterprises can easily end up as collateral damage in state-sponsored cyberattacks.
- Users are as gullible as ever. Why hack in when you can trick users into giving you the keys? Forty-three percent of attacks involved social engineering, and 90 percent of those were phishing schemes. And that’s not all: Simple user error (i.e., sending sensitive data to the wrong recipient) accounted for 14 percent of data breaches.
- Ransomware continues to dominate headlines. Verizon marveled at ransomware’s meteoric rise from the 22nd-most-common type of malware in 2014 to the number five spot in 2017. More alarming, the 2017 DBIR saw ransomware “swing away from infecting individual consumer systems toward targeting vulnerable organizations.” With massive coordinated ransomware attacks like WannaCry making headlines, we expect ransomware won’t be falling out of the news cycle anytime soon.
- Breaches follow patterns. Patterns are predictable. Nearly all of the breaches identified in the 2017 DBIR (88%) fall into one of the nine basic patterns Verizon first identified back in 2014. On the one hand, that means businesses are still vulnerable to the same tactics, three years later. But here’s the bright side: If breaches follow patterns, they can be predicted. Given the right visibility and analytics tools, businesses can spot the telltale signs of an attack early—and mitigate the damage.
- Verizon left out the most obvious solution.In the section dedicated to ransomware, Verizon highlights several ways the security industry is fighting back against ransomware: better security software, sharing threat intelligence with law enforcement and across the enterprise world, and the nomoreransom.org initiative. But they mystifyingly leave out the simplest, most obvious solution to the ransomware epidemic: endpoint backup. If every device and every file is automatically and continuously backed up, the ransomware attack has no teeth. You never lose your data, bounce back to business as usual and never have to pay the ransom. Come on, Verizon—it’s not that complicated!
There’s plenty more to learn from the 2017 DBIR, including attack patterns and trends for your specific industry. It’s also quite a fun read, with an approachable tone and a healthy dash of irreverent humor. We highly encourage you to read through it yourself with an eye toward understanding the threats you face, so you can be better prepared for whatever the next year brings.
The Code42 CTRL-Z Study 2017