This week, Verizon released its ninth data breach investigations report, revealing troubling information – web attacks surged, ransomware increased and attackers are getting quicker at breaking in while stealing larger amounts of data and money. In fact, in 82 percent of data breaches analyzed by Verizon, it took the cybercriminal only a matter of minutes to compromise the system. While it often takes organizations several months to realize a breach, 68 percent of breaches analyzed saw – or didn’t see – cybercriminals come and leave with the data in just days.
But perhaps most frightening, human error in response to simple phishing attacks is far more to blame for public sector data breaches than sophisticated hackers, displaying a need for organizations to both train and test their employees when it comes to responding to suspicious emails. It is also important to note that it is not just the public sector that struggles with handing cybercriminals confidential login information, as both the financial and healthcare sectors have fallen victim to these attacks recently. Gabe Bassett, Verizon senior information security data scientist, explains that because the public sector has so many reporting requirements that do not apply to non-government sectors, Verizon has far more incident data from the government.
In more than half of data breaches (68 percent), weak, default or stolen user credentials were used, displaying both a surge of phishing attacks over the past year and a continuing failure of employees to protect their passwords. Behind stolen credentials, malware, phishing and key loggers topped the list of cybercriminal tactics. Surprisingly, the Internet of Things (IoT) has failed to play the role in cybercrime that was expected of it – Verizon deemed the IoT a “nonfactor” despite immense vulnerabilities and the hype surrounding it. “We’re still not seeing it,” says co-author of the report Marc Spitler. “There’s nothing there from our incident or breach corpus this year to do any other research around it. Inevitably, somebody will tell us we were wrong, but we tell the story of the data. The data is the data.” However, Spitler also warns that this does not mean it’s not something to be worried about.
As for who was affected the most this past year, Verizon found that financial firms were hit the most, with 795 breaches. On the other hand, recent trends point to an increased focus on the financial industry in the latter half of 2015 and into 2016. In the report, the accommodation/hotel sector was hit the second most (281), with the information sector (194) coming in third. Next are the public sector (193), retail (137) and the healthcare industry (115).