On May 19, Verizon released the 2020 Data Breach Investigations Report (DBIR). This annual report analyses real-world security incidents and breaches impacting organisations around the globe.
The report draws on analysis of different types of data breaches from 81 contributing organisations, including Proofpoint. It analyses 32,002 security incidents of which 3,950 were confirmed data breaches.
Below, we explore the top threat vectors of the top three types of data breaches identified by this comprehensive analysis and offer some suggestions for how to equip your organisation to protect against each.
THE TOP THREE DATA BREACH VECTORS
1. Credential Theft
Stolen credentials were used in over 80 percent of attacks on web applications and 43% of breaches were attacks on web applications, more than double the results from last year. This is a concerning trend as organisations move their workflows and communications to cloud-hosted services like O365, Slack, and GoogleCloud.
This migration provides an attractive new opportunity for cybercriminals: why “hack” the network when you can simply ask users to hand over their keys to the cloud environment?
Credential theft is useful for a wide range of cyberattacks, which explains why we’re seeing this same trend across other threat research publications. Last year, for example, Microsoft reported a 67% decrease in malware infections in 2019. At the same time, according to our threat research team, there has been a huge increase in the volume of unique malicious URLs in that same time period:
- 85% of organisations experienced at least one targeted password attack, typically intelligent brute force attacks
- 45% of organisations have at least one breach where it is confirmed that an account is acting in malicious ways (e.g. sending malicious emails, mass file downloads)
If stolen credentials is the top prize for cybercriminals, phishing is the preferred method to achieve it. Spoofing a trusted identity, phishing attacks exploit human nature rather than exclusively technological vulnerabilities.
In this report, 25 percent of successful data breaches involved phishing—and credentials are by far the most common piece of data compromised in phishing attacks.
A phishing data breach is a pervasive problem, feeding into every stage of multi-chain attacks we observe at Proofpoint. The success of phishing attacks relies on the inherent vulnerabilities. Which brings us to our third attack vector: human error.
3. Human Error
Human error accounted for 22% of all data breaches in Verizon’s report. Insiders have always been a challenge to the confidentiality and integrity of available data. According to Proofpoint research, the average global cost of Insider Threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same time period. And now, with a largely distributed workforce unprotected from the shield of corporate controls, the opportunity for error increases exponentially.
HOW TO PROTECT YOURSELF FROM A DATA BREACH
So what’s the best way to protect your organisation's increasingly remote workforce? Here are five key pillars to a people-centric cybersecurity strategy.
Secure personal activities on corporate devices
When your people check personal webmail at work, they can unintentionally introduce known or new threats into your organisation. In fact, according to Osterman, 60% of attacks in the enterprise come from web or personal email usage on corporate devices.
To combat this threat, you must implement an adaptive, risk-based solution that meets your organisation’s security needs without getting in the users’ way. Instead of a one-size-fits-all approach, your solution should tailor web and email isolation controls according to users’ unique vulnerabilities.
Protect the email channel
End-to-end email security is crucial to detecting, combatting and remediating phishing attacks across your organisation. An effective email security solution must grant you:
- Visibility into what threats you face, revealing who is being targeted, how and what information they are trying to steal
- Core email control and content analysis that identifies distinct types of email targeting your employees, like bulk mail, credential phishing, BEC attacks, and more and offers customizable email policies to give users control so they can spot malicious email more easily.
- Email authentication like DMARC (Domain-based Message Authentication Reporting and Conformance) to ensure that legitimate email is properly authenticating and fraudulent activity under your organisation’s control is blocked.
- Data loss prevention that prevents sensitive information from leaving your gateway.
- Real-time threat response that effectively identifies and mitigates the inevitable threats that do pass through your defence.
Mitigate human error
Traditional security programs usually focus on protecting threats from the outside in. But 52% of data breaches are insider driven—and the cost has doubled in the last three years. To mitigate this risk, you must be empowered to detect threats, streamline your investigations and protect against data loss. (Learn more about how Proofpoint can help you do this here.)
Secure the Cloud
Remote workers use more cloud-based apps. Attackers can steal login credentials to take over user accounts and infiltrate corporate resources. Protect users as they browse the web and use cloud apps:
- Defend against potentially malicious email attachments and URL links in personal webmail
- Gain adaptive controls to isolate URL clicks based on risk
- Prevent unauthorized access to SaaS apps with identity and role-based controls
- Protect sensitive files in the cloud with data loss prevention and device-based data controls
- Detect and combat malicious and accidental insider risks in real time
Turn your users into a strong last line of defence—regardless of where they work:
- Provide education that includes simulated attacks and knowledge assessments
- Circulate training materials to your remote workforce on core cybersecurity and compliance topics
- Implement email reporting and analysis tools to allow your users to easily report suspicious messages.
To learn more about how Proofpoint can help protect credentials, combat phishing and educate your users, click here.