Verizon recently released the 2018 Data Breach Investigations Report (DBIR), its annual analysis of the real-world security events that are impacting organizations around the globe. The report collected data from 67 contributing organizations, covering over 53,000 incidents and 2,216 confirmed data breaches.*
Attackers Are Targeting End Users Across Many Industries
The DBIR breaks down data by industry and organization size, noting how the actors, motives, tactics and attack patterns vary across industries. Notable insights include the following:
- Education – Social attacks are the second most common action type, present in 41% of breaches. The report ties this to the prevalence of cyber-espionage within this vertical.
- Financial – Social attacks, particularly phishing, figure prominently in breaches in this industry.
- Healthcare – According to the DBIR, the healthcare vertical is the only one in which insider threats pose a greater risk than external threats when it comes to breaches. This can be tied to the frequency of employee errors and misuse of data.
- Manufacturing – External espionage is a major threat in this industry, and most attacks begin with phishing.
- Professional Services – Almost of half of breaches in this industry involve either phishing or pretexting.
- Public Administration – Phishing is the top cyber-espionage action in this vertical.
Engaging End Users Through Security Awareness Training
As in years past, the DBIR makes several recommendations for educating end users and enlisting their help in breach prevention strategies:
- Provide role-specific education and training for users likely to be targeted based on their privileges or access to data, especially those with access to employee data such as W-2s or the ability to transfer funds.
- Increase end users’ level of skepticism.
- Conduct regular security training and routine security audits to help prevent successful phishing attacks and miscellaneous errors.
- Implement two-factor or multi-factor authentication for those who administer any web applications or databases — and preferably for all users in your organization.
In addition to being taught how to avoid phishing attacks, end users should be encouraged to actively report suspicious emails. According to the DBIR, only 17% percent of phishing campaigns were reported. Training employees to use a reporting button to flag suspected phishing emails helps reduce the amount of time a threat remains active within a corporate network. A fast response can help prevent more people from clicking on the phishing email.
Bryan Sartin, executive director of security professional services at Verizon, underscores the need for informed, prepared, and engaged end users in the fight against cybercrime. “Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line,” he said in a press release. “Employees should be a business’s first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization.”
* For reference, Verizon makes a clear distinction between a security incident and a security breach. An incident is “a security event that compromises the integrity, confidentiality or availability of an information asset.” A breach is “an incident that results in the confirmed disclosure — not just the potential exposure — of data to an unauthorized party.”
Subscribe to the Proofpoint Blog