By: Dr. Angela Orebaugh

Verizon recently released their 2020 Data Breach Investigations Report (DBIR) with a new treasure trove of cybersecurity insights. While the full report is 119 pages, it is filled with informative data visualizations, humor, and the occasional throwback that any security geek from the 90s will treasure. If you are short on time, you can review their 19-page Executive Summary of the report.

Table 1 summarizes the main takeaways from the study. Twelve percent of the security incidents analyzed had confirmed breaches, with 70% of those from external sources. The 30% of breaches from internal sources still deserves attention, since insiders already have the advantage of access to systems.

The top methods of breach were credential theft, social attacks, and errors. 

·Credential theft involves brute force or the use of lost or stolen credentials. Most of the credential theft breaches occurred with web applications. In fact, 43% of breaches were attacks on web applications, more than double last year's share. This trend will continue as we move valuable data to the cloud for web accessibility. Credential theft leads to credential stuffing, where an attacker takes usernames and passwords leaked in one breach and attempts to log into the same users' other accounts with them. Most people use the same usernames and passwords across accounts, making this an easy and rewarding attack.

·Social attacks also have a credential component, with 96% of social attacks compromising credentials through phishing emails.  

·Errors include misconfigurations, misdeliveries, and publication errors. Breaches resulting from errors doubled from last year. Misconfigurations have been exponentially increasing since 2017.
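As an added example (not from the article or from the DBIR), the following defender-side check looks for the credential stuffing pattern described above in authentication logs, illustrating the "account monitoring" practice listed in Table 2. The log format, IP addresses and user names are constructed sample data, and the thresholds are assumptions.

```python
"""Credential-stuffing detector for login logs (added example, constructed data).
Stuffing replays leaked username/password pairs: one source tries MANY DIFFERENT
accounts a few times each, unlike brute force (one account, many passwords).
"""
from collections import defaultdict

# Constructed sample log, format "<timestamp> <src_ip> <user> <result>"
SAMPLE_LOG = """\
2020-05-19T10:00:01 203.0.113.10 alice FAIL
2020-05-19T10:00:02 203.0.113.10 bob FAIL
2020-05-19T10:00:02 203.0.113.10 carol FAIL
2020-05-19T10:00:03 203.0.113.10 dave FAIL
2020-05-19T10:00:03 203.0.113.10 erin SUCCESS
2020-05-19T10:00:05 198.51.100.7 alice FAIL
2020-05-19T10:00:06 198.51.100.7 alice FAIL
2020-05-19T10:00:07 198.51.100.7 alice FAIL
2020-05-19T10:00:10 192.0.2.55 gina SUCCESS
"""

def parse_events(log_text):
    """Yield (src_ip, user, success) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, ip, user, result = parts
        yield ip, user, result == "SUCCESS"

def detect_stuffing(events, min_users=5, min_fail_ratio=0.6):
    """Return {src_ip: sorted accounts that logged in OK} for flagged sources."""
    per_ip = defaultdict(lambda: {"attempts": 0, "fails": 0, "users": set(), "hits": set()})
    for ip, user, ok in events:
        s = per_ip[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)  # a success from a stuffing source: review this account
        else:
            s["fails"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        # Many distinct accounts with mostly failures is the stuffing signature;
        # one account with many failures is brute force and is not flagged here.
        if len(s["users"]) >= min_users and s["fails"] / s["attempts"] >= min_fail_ratio:
            flagged[ip] = sorted(s["hits"])
    return flagged

if __name__ == "__main__":
    for ip, accounts in detect_stuffing(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: stuffing pattern, review/reset accounts {accounts}")
```

In the sample data only 203.0.113.10 is flagged; the repeated failures against a single account from 198.51.100.7 are a brute-force pattern that a separate per-account lockout or rate limit should handle.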

Attackers are compromising personal data in 58% of the attacks, double last year's figure. Personal data includes email addresses, demographic data, and other personally identifiable information (PII). Another interesting finding is that 27% of all malware incidents were ransomware. This number should not be a surprise after the copious ransomware compromises we have seen in the headlines over the past year, which brings us to the main motivator: making money. Cybercrime is big business, with 86% of breaches financially motivated. Stealing credentials, collecting PII, phishing, and ransomware all lead to money.

Table 1.  Verizon 2020 Data Breach Investigations Report Summary

Frequency: 32,002 security incidents, 3,950 with confirmed breaches
Top Patterns: Credential theft, social attacks, and errors represent 67% of breaches
Threat Actors: External (70%), Internal (30%)
Actor Motives: Financial (86%)
Data Compromised: Personal (58%)

The threats identified in the Verizon 2020 DBIR can be mitigated through the combination of policy, practice, and posture. Table 2 shows some examples across policy, practice, and posture that address the top findings. By addressing the top threats identified as the cause of the most common breaches, your organization can be better prepared to defend against and respond to cybersecurity incidents. And hopefully, remain off the list of breaches in 2021!

Table 2.  Mapping threats to Policy, Practice, and Posture

Credential theft
  Policy: access control standards and policies; password policies; incident response planning; data protection
  Practice: access control; password managers; encryption; multi-factor authentication; account monitoring
  Posture: monitor and enforce policy adherence; respond to events and incidents

Social attacks
  Policy: security awareness and training; incident response planning
  Practice: malware protection; backup; social engineering testing
  Posture: monitor and enforce policy adherence; respond to events and incidents

Misconfigurations
  Policy: standards, baselines, and guidelines; incident response planning; identify and classify critical data
  Practice: secure configuration; continuous vulnerability management; identify and remediate vulnerabilities; penetration testing
  Posture: respond to events and incidents

Web application vulnerabilities
  Policy: standards, baselines, and guidelines; incident response planning; identify and classify critical data
  Practice: server and application hardening; continuous vulnerability management; identify and remediate vulnerabilities; penetration testing
  Posture: respond to events and incidents

About the Author

Photo credit: https://www.scps.virginia.edu/faculty/stories/angela-orebaugh/

Angela Orebaugh, Ph.D. is a technologist, educator, researcher, and author with a broad spectrum of expertise in information technology and security. She synergizes her 20 years of hands-on strategic and technical experiences within industry, academia, and government to advise clients on information technology and security strategy, management, and technologies.