Verizon released its ‘2020 Data Breach Investigations Report’. The report details key statistics about cybercrime. It states that 67% of breaches are phishing attacks and business email compromise attempts. Specifically, it cites “credential theft” and “social attacks” as the main vectors of attack.
In addition, it emphasizes that the rise of remote work will only exacerbate the current trends.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
On the subject of attack vectors, the report provides a systematic understanding of how cybercrime attacks unfold. By looking for and finding patterns, the report presents attacks as a chain of events. This type of understanding has value to organizations. Instead of trying to simply ‘prevent attacks’, leaders can look at the relationship between specific tactics.
By linking these tactics together in this way, criminals’ entire strategies are revealed. Ultimately, this gives security decision makers the visibility they need to create comprehensive defensive. It prevents a major disaster occurring due to a series of small, cascading mistakes.
“The 2020 DBIR has re-emphasized the common patterns found within cyber-attack journeys, enabling organizations to determine the bad actors’ destination while they are in progress. Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.”
Finally, the report provides advice for SMB’s. Although huge phishing and account takeover tactics dominate headlines, Verizon reports that 30% of all breaches occur at small and medium sized businesses. Therefore, these businesses must also take the threat seriously.