cyber trends
•
•
•
•
•
remedied. When the IC3 Recovery
Asset Team acts upon BECs and
works with the destination bank,
half of all US-based business email
compromises had 99% of the money
recovered or frozen; and only 9% had
nothing recovered
Attacks on human resource
personnel have decreased from
last year: Findings saw six times
fewer human resource personnel
being impacted this year compared
to last, correlating with W-2 tax form
scams almost disappearing from the
DBIR dataset
Chip and Pin payment technology
has started delivering security
dividends: The number of
physical terminal compromises in
payment card-related breaches
is decreasing compared to web
application compromises
Ransomware attacks are still
going strong: They account for
nearly 24% of incidents where
malware was used. Ransomware
has become so commonplace that
it is less frequently mentioned in the
specialised media unless there is a
high-profile target
Media-hyped cryptomining attacks
were hardly existent: These types of
attacks were not listed in the top 10
malware varieties and only accounted
for roughly 2% of incidents
Outsider threats remain dominant:
External threat actors are still the
primary force behind attacks (69% of
breaches) with insiders accounting
for 34%
Putting business sectors under
the microscope
the criminals remain the same. There is
an urgent need for businesses – large
and small – to put the security of their
business and protection of customer
data first. Often even basic security
practices and common sense deter
cybercrime,” said Sartin. Industry
findings of note include:
• Educational services: There was a
noticeable shift towards financially-
motivated crime (80%). A total of
35% of all breaches were due to
human error and approximately a
quarter of breaches arose from web
application attacks, most of which
were attributable to the use of stolen
credentials used to access cloud-
based email
• Healthcare: This business sector
continues to be the only industry to
show a greater number of insider
compared to external attacks
(60 versus 42% respectively).
Unsurprisingly, medical data is 18
times more likely to be compromised
in this industry and when an internal
actor is involved, it is 14 times more
likely to be a medical professional
such as a doctor or nurse
• Manufacturing: For the second
year in a row, financially-motivated
attacks outnumber cyberespionage
as the main reason for breaches in
manufacturing and this year by a
more significant percentage (68%)
• Public sector: Cyberespionage rose
this year; however, nearly 47% of
breaches were only discovered years
after the initial attack
• Retail: Since 2015, Point of Sale
(PoS) breaches have decreased
by a factor of 10, while Web
Application breaches are now
13 times more likely
More data from
highest number of
contributors ever
means deeper insights
“We are privileged to include
data from more contributors
this year than ever before and had
the pleasure of welcoming the FBI
into our fold for the very first time,”
said Sartin. “We are able to provide
the valuable insights from our DBIR
research as a result of the participation
of our renowned contributors. We
would like to thank them all for their
continued support and welcome other
organisations from around the world to
join us in our forthcoming editions.”
This is the 12th edition of the DBIR and
boasts the highest number of global
contributors so far – 73 contributors
since its launch in 2008. It contains
analysis of 41,686 security incidents,
which includes 2,013 confirmed
breaches. With this increase of
contributors, Verizon saw a substantial
increase of data to be analysed, totalling
approximately 1.5 billion data points of
non-incident data.
This year’s report also debuts new
metrics and reasoning which helps
identify which services are seen as
the most lucrative for attackers to
both scan for and attack at scale. This
analysis is based on honeypot and
Internet scan data. u
Once again, this year’s report highlights
the biggest threats faced by individual
industries and also offers guidance
on what companies can do to mitigate
against these risks.
“Every year we analyse data and
alert companies as to the latest
cybercriminal trends in order for them
to refocus their security strategies and
proactively protect their businesses from
cyberthreats. However, even though we
see specific targets and attack locations
change, ultimately the tactics used by
www.intelligentciso.com
|
Issue 15
21