Cyber Resilience in the age of Targeted Attacks

The Top Three Data Breach Vectors and How to Combat Them

On May 19, Verizon released the 2020 Data Breach Investigations Report (DBIR). This annual report analyzes real-world security incidents and breaches impacting organizations around the globe.

The report draws on data from 81 contributing organizations, including Proofpoint. It analyzes 32,002 security incidents of which 3,950 were confirmed data breaches.

Below, we explore the top three data breach vectors identified by this comprehensive analysis and offer some suggestions for how to equip your organization to protect against each.

THE TOP THREE TYPES OF DATA BREACHES AND VECTORS

1. Credential Theft

Stolen credentials were used in over 80 percent of attacks on web applications and 43% of breaches were attacks on web applications, more than double the results from last year. This is a concerning trend as organizations move their workflows and communications to cloud-hosted services like O365, Slack, and GoogleCloud.

This migration provides an attractive new opportunity for cybercriminals: why “hack” the network when you can simply ask users to hand over their keys to the cloud environment?

Credential theft is useful for a wide range of cyberattacks, which explains why we’re seeing this same trend across other threat research publications. Last year, for example, Microsoft reported a 67% decrease in malware infections in 2019. At the same time, according to our threat research team, there has been a huge increase in the volume of unique malicious URLs in that same time period:

  • 85% of organizations experienced at least one targeted password attack, typically intelligent brute force attacks
  • 45% of organizations have at least one data breach where it is confirmed that an account is acting in malicious ways (e.g. sending phishing emails, malicious email attachment mass file downloads)

2. Phishing

If stolen credentials is the top prize for cybercriminals, a phishing data breach is the preferred method to achieve it. Spoofing a trusted identity, phishing attacks exploit human nature rather than exclusively technological vulnerabilities.

In this report, 25 percent of successful data breaches involved phishing—and credentials are by far the most common piece of data compromised in phishing attacks.

Phishing is a pervasive problem, feeding into every stage of multi-chain attacks we observe at Proofpoint. The success of phishing attacks relies on the inherent vulnerabilities. Which brings us to our third attack vector: human error.

3. Human Error

Human error accounted for 22% of all data breaches in Verizon’s report. Insiders have always been a challenge to the confidentiality and integrity of available data. According to Proofpoint research, the average global cost of Insider Threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same time period. And now, with a largely distributed workforce unprotected from the shield of corporate controls, the opportunity for error increases exponentially.

HOW TO PROTECT YOURSELF FROM A DATA BREACH

So what’s the best way to protect yourself and your increasingly remote workforce from different types of data breaches? Here are five key pillars to a people-centric cybersecurity strategy.

Secure personal activities on corporate devices

When your people check personal webmail at work, they can unintentionally introduce known or new threats into your organization. In fact, according to Osterman, 60% of attacks in the enterprise come from web or personal email usage on corporate devices.

To combat this threat, you must implement an adaptive, risk-based solution that meets your organization’s security needs without getting in the users’ way. Instead of a one-size-fits-all approach, your solution should tailor isolation controls according to users’ unique vulnerabilities.

Protect the email channel

End-to-end email security is crucial to detecting, combatting and remediating phishing attacks across your organization. An effective email security solution must grant you:

  • Visibility into what threats you face, revealing who is being targeted, how and what information they are trying to steal
  • Core email control and content analysis that identifies distinct types of email targeting your employees, like bulk mail, credential phishing, BEC attacks, and more and offers customizable email policies to give users control so they can spot malicious email more easily.
  • Email authentication like DMARC (Domain-based Message Authentication Reporting and Conformance) to ensure that legitimate email is properly authenticating and fraudulent activity under your organization’s control is blocked.
  • Data loss prevention that prevents sensitive information from leaving your gateway.
  • Real-time threat response that effectively identifies and mitigates the inevitable threats that do pass through your defense.

Mitigate human error

Traditional security programs usually focus on protecting threats from the outside in. But 52% of data breaches are insider driven—and the cost has doubled in the last three years. To mitigate this risk, you must be empowered to detect threats, streamline your investigations and protect against data loss. (Learn more about how Proofpoint can help you do this here.)

Secure the Cloud

Remote workers use more cloud-based apps. Attackers can steal login credentials to take over user accounts and infiltrate corporate resources. Protect users as they browse the web and use cloud apps:

  • Defend against potentially malicious URL links in personal webmail
  • Gain adaptive controls to isolate URL clicks based on risk
  • Prevent unauthorized access to SaaS apps with identity and role-based controls
  • Protect sensitive files in the cloud with data loss prevention and device-based data controls
  • Detect and combat malicious and accidental insider risks in real time

Educate Users

Turn your users into a strong last line of defense—regardless of where they work:

  • Provide education that includes simulated attacks and knowledge assessments
  • Circulate training materials to your remote workforce on core cybersecurity and compliance topics
  • Implement email reporting and analysis tools to allow your users to easily report suspicious messages.

Learn More

To learn more about how Proofpoint can help protect credentials, combat phishing and educate your users, click here.

Subscribe to the Proofpoint Blog