Data Breach Investigation Report 2020

Each year, the American telecommunications giant, Verizon, publishes a Data Breach Investigation Report (DBIR). Tens of thousands of data-security incidents and breaches, from all sectors of industry, all over the world, are analysed by the Verizon team. At Fortify247, we’ve been having a look at the latest DBIR, released earlier this year.

Vocabulary for Event Recording and Incident Sharing (VERIS)

So that everyone’s on the same page when it comes to gathering, collating, and sharing data, DBIR uses VERIS (Vocabulary for Event Recording and Incident Sharing), a system of standardised terminology:

  • A threat actor is the perpetrator – the person or organisation behind an event. The actor might be a criminal seeking financial gain, or an insider who inadvertently makes an error.
  • A threat action is the nature of the event, for example, hacking, phishing, or error.
  • An incident is a security event that compromises the confidentiality, availability, or integrity of data.
  • A breach is an incident that results in the confirmed disclosure of data to an unauthorised party.

Threat Actors

In 2019 (the period covered by the 2020 DBIR), 70% of data breaches were perpetrated by external actors. Organised criminal groups were behind 55% of all breaches.

Of the 30% of breaches perpetrated by internal actors, most were caused by error. Just over half of these errors were due to misconfiguration – a failure to implement the necessary security controls. Misuse by authorised users accounted for 8% of breaches.

Malware

There are so many ways in which hackers can infect a computer network with malware. And there are many different kinds of malware that can be illegitimately installed.

Viruses and worms are pieces of code that self-replicate within computer software, spreading through machines, networks, and the Internet.

Ransomware encrypts data, and threat actors demand payment in return for decryption.

C2 (Command and control) malware is a powerful tool that cybercriminals use to manipulate a botnet (robot + network) – a network of malware-infected devices. Botnets are commonly created to carry out distributed denial-of-service (DDoS) attacks.

Phishing is the most common form of cyberattack, executed by criminals who understand and manipulate the human psyche. Targeting their prey through the medium of email, attackers will attempt to gather information by claiming to be someone or something they’re not (pretexting), or they’ll persuade recipients to open an attachment or follow a link (baiting), which will expose the victim’s network to malware. Phishing is a well-designed act of social manipulation and behavioural engineering.

Another way in which malware can be delivered is by Trojan horse. Concealed within a legitimate, harmless-looking programme, malicious software can be used by threat actors to steal, destroy, or modify data.

Contact Us

Find out how we can help you protect your business through robust, multi-layer cybersecurity. Just give us a call on 01263 805012 or email [email protected].

Why not take this free cyber risk assessment! Answer 15 questions in five technology categories to determine your final risk score.

Love this Post ? Spread the Word