“The Verizon Data Breach Investigations Report (DBIR) provides you with crucial perspectives on threats that organizations like yours face. The 12th DBIR is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. Data breaches continue to make headlines around the world. Seemingly, no matter what defensive measures security professionals put in place, attackers are able to circumvent them. No organization is too large or too small to fall victim to a data breach. No industry vertical is immune to attack. Regardless of the type or amount of your organization’s data, there is someone out there who is trying to steal it. Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently.
- Take me to your leader – C-level executives were twelve times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past. To further underline the growth of financial social engineering attacks, both security incidents and data breaches that compromised executives rose from single digits to dozens in this report.
- Get out of my cloud – As companies continue to transition to more cost-efficient cloud-based solutions, their email and other valuable data migrate along with them. Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. Consequently, there’s been a corresponding increase in hacking cloud-based email servers via the use of stolen credentials. This is not an indication that cloud-based services are less secure, however. It is simply that phishing attacks, credential theft and configuration errors are a natural by-product of the process.
- What a tangled web we weave – Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way…”