Insider threat? Pffft. Hackers on the outside are the ones mostly making off with your private biz data, says Verizon
Malware-led intrusions falling out of fashion, too
Outside hackers were to blame for most data thefts last year, while in-house drama contributed to only a fifth of total computer security incidents, Verizon reckons.
In its 13th Data Breach Investigations Report, which probed some 4,000 intrusions and network breaches in 2019, Verizon found that the online world is still a fairly bad place if you’re not tooled up enough to defend yourself and your customers from external miscreants hoping to make bank.
“Financial motives is still number one,” the American telco giant's Alex Schlager told The Register. “86 per cent of the breaches were financially motivated, up from 71 per cent last year.”
The report revealed attacks involving malware infections dropped from almost half of all security breaches in 2016 to a “historical low” today, with criminals preferring phishing and siphoning off credentials, instead. Well, mostly.
“We see on a per industry basis, in the education sector for example, ransomware is the dominant attack variety; credential theft, though, is more popular in attacks on retailers,” commented Schlager.
“We saw a significant spike last year and this is continuing. The reason is cloud. The way the complexities that can be connected with deploying into the cloud or migrating to cloud are increasingly the reason for incidents and breaches. Kubernetes alone... a lot of companies don’t have the full scale to secure their cloud environments.”
Schlager also praised companies that regularly and quickly patched their IT estates as and when updates became available, something he said worked well in preventing network breaches by miscreants exploiting known software vulnerabilities. Fewer than 1 in 20 intrusions in 2019 were due to lack of patching or resulted from a missed patch, he told El Reg.
Poorly configured and misconfigured internet-facing systems, which let crooks in and out with sensitive data without authorization, appear to be a problem, though. Meanwhile, “90 per cent” of break-ins were discovered within hours or days.
“Also a new low – in a positive sense of course! I remember in 2014-15, the average time to detect a breach was 11 months,” Verizon’s man reminisced, adding that patching is “a good hygiene indicator.”
Organised crime accounted for 55 per cent of all security breaches looked at by the American telco, a figure more or less flat compared with 2018’s findings.
Lots of industry hype around insider threat as an attack vector may have been wide of the mark, too: 81 per cent of network breaches, said Schlager, were caused by external vectors, though healthcare (at roughly 50-50) was a notable exception.
“We expected to see more insider threats,” said Verizon’s man. “It’s real but you shouldn’t overrate it based on the numbers we’ve seen. We did a numbers analysis, differentiation between geographies. You won’t see major differences between geographies.”
In conclusion: keep patching regularly, secure systems facing the internet, keep educating your staff not to click on potentially bad links or email file attachments and to be on alert for phishing attempts, and above all, keep smiling. The world needs cheerful, switched-on security bods more than ever. See Verizon's dossier for the full skinny. ®