+44 (0)203 88 020 88

Menu

Search

Cyber Security News & Articles

 

Cyber Security
News & Articles

Trusted Cyber Security Experts
25+ Years Industry Experience
Ethical, Professional & Pragmatic

Key Lessons from 2020 Data Breach Report

Verizon has published their 13th annual Data Breach Investigations Report – and it focuses on security incidents and breaches that occurred during 2019. The 2020 DBIR analysed 157,525 incidents, 32,002 in detail and confirmed 3950 breaches in 81 countries.

Although the scope is global, half of the incidents in the data come from North America and only 13% from Europe.

The DBIR differentiates between a breach (where data is confirmed to have been stolen) and an incident (where data disclosure was not confirmed but the confidentiality, integrity or availability of the data was compromised).

The DBIR reports incidents and breaches that took place (succeeded in other words) – so it paints a somewhat different view of the world compared to reports from security vendors who also include data about failed attacks which were blocked by their security systems.  For example, Cryptocurrency mining malware was present in just 1.5% of incidents – yet 10% of organisations received (and blocked) Cryptocurrency mining malware during the year.

The full report can be obtained from the Verizon website

Why breaches happen

Knowing your enemy helps you defend your network.  When it comes to understanding the motivation of threat attackers the adage to ‘follow the money’ proves true:

86% of breaches were financially motivated and Organised Crime was behind 55% of breaches.

70% of breaches were perpetrated by external actors and they were prepared to work for their money – 45% of breaches featured active Hacking whereas Malware was involved in only 17% of breaches.

However, a growing trend in the report this year is the own-goals scored by in-house teams. Errors and Misconfigurations were causal events in 22% of breaches

When considering just breaches: all types of threat actions are trending down over the last five years (including Hacking, Social engineering and Malware) except for Errors and Misconfigurations which is slowly on the rise.

 

What is being targeted

Web applications were involved in 43% of breaches and 37% of breaches stole or abused credentials.  So, when it comes to data theft, not surprisingly threat attackers are focusing on the main exposed attack surface – which is the internet facing web application servers in most networks.

Criminals don’t want to have to work for a living any more than anyone else -so they start with the low hanging fruit and try to brute force or steal credentials where they can. The primary means for obtaining credentials is Phishing (present in 22% of breaches) or credential theft by other means (in another 20% of breaches).

The next two most prevalent threat actions in breaches are based on Errors – with either misdelivery of confidential information or misconfiguration of access controls accounting for another 20% between them.  We don’t know how much of this growth in the Errors category is a result of more transparent and honest reporting by organisations when they make a mistake and how much is down to the increased use of cloud and SaaS systems and staff are making errors with unfamiliar new tools.

Over 70% of attacks are focused on servers (as opposed to personal computers or kiosks/terminals etc). The attacks on servers are biased with 40% of total attacks  being against web application servers, 20% against mail servers and 10% against database servers – reflecting both where the weaknesses lie and how exposed the different types of server are to the internet.

Hacking that resulted in successful breaches is focused on Brute Force of use of Stolen Credentials (in 80% of breaches that involved Hacking) – and over 80% of those attacks were focused on Web Applications.

 

Vulnerability Management is only the start

Identifying and patching vulnerabilities occupies a lot of time and effort in security teams.  Perhaps because (regulatory mandates aside) Peter Drucker was right: ‘what gets measured gets managed’ and it is easy to measure vulnerabilities and patching thanks to the existence of automated vulnerability scans.   The exploitation of vulnerabilities was a factor in only 5% of breaches.

Patching is important but once it is in place there are other things that will have a much greater impact on your network’s security that need to be addressed.

Dominant themes in the DBIR report suggest it will be prudent to invest in steps that will: Enhance the security of Web Application servers – these are the main target of attacks and reduce the number of Errors performed by your staff.

 

Practice Makes Perfect

SIEM systems and a well-rehearsed Security Incident Response Plan will help you spot and contain incidents more quickly.  Generally, organisations have made great strides in recent years to spot and contain incidents much more quickly.

Breaches are being spotted and contained more quickly – practicing the Incident Response Plan really pays off.  In 2016 over 60% of breaches went undetected for several months, but in 2019 over 60% of breaches were detected and contained in ‘days or less.’

 

Key takeaways

Web Application servers were the primary target in most breaches – first using stolen credentials or credential stuffing and secondly by hacking the application server software.  Invest in enhancing the security of the network components which are the target of most attacks – validate your network security through Web Application Penetration Testing.

Credential theft and Phishing is implicated in over 40% of breachesSecurity Awareness Training will help your team improve their password hygiene and protect their credentials.

Misconfiguration of Cloud Services and Network Devices is increasingly mentioned in data breach reports – it was a factor in over a fifth of breaches in 2019.  A External Network Penetration Test will identify problems in your network infrastructure.

 

 

 

Subscribe to our monthly newsletter today

If you’d like to stay up-to-date with the latest cyber security news and articles from our technical team, you can sign up to our monthly newsletter. 

We hate spam as much as you do, so we promise not to bombard you with emails. We’ll send you a single, curated email each month that contains all of our cyber security news and articles for that month.

Why Choose SecureTeam?

Customer Testimonials

“We were very impressed with the service, I will say, the vulnerability found was one our previous organisation had not picked up, which does make you wonder if anything else was missed.”

Aim Ltd Chief Technology Officer (CTO)

"Within a very tight timescale, SecureTeam managed to deliver a highly professional service efficiently. The team helped the process with regular updates and escalation where necessary. Would highly recommend"

IoT Solutions Group Limited Chief Technology Officer (CTO) & Founder

“First class service as ever. We learn something new each year! Thank you to all your team.”

Royal Haskoning DHV Service Delivery Manager

“We’ve worked with SecureTeam for a few years to conduct our testing. The team make it easy to deal with them; they are attentive and explain detailed reports in a jargon-free way that allows the less technical people to understand. I wouldn’t work with anyone else for our cyber security.”

Capital Asset Management Head of Operations

“SecureTeam provided Derbyshire's Education Data Hub with an approachable and professional service to ensure our schools were able to successfully certify for Cyber Essentials. The team provided a smooth end-to-end service and were always on hand to offer advice when necessary.”

Derbyshire County Council Team Manager Education Data Hub

“A very efficient, professional, and friendly delivery of our testing and the results. You delivered exactly what we asked for in the timeframe we needed it, while maintaining quality and integrity. A great job, done well.”

AMX Solutions IT Project Officer

“We were very pleased with the work and report provided. It was easy to translate the provided details into some actionable tasks on our end so that was great. We always appreciate the ongoing support.”

Innovez Ltd Support Officer

Get in touch today

If you’d like to see how SecureTeam can take your cybersecurity posture to the next level, we’d love to hear from you, learn about your requirements and then send you a free quotation for our services.

Our customers love our fast-turnaround, “no-nonsense” quotations – not to mention that we hate high-pressure sales tactics as much as you do.

We know that every organisation is unique, so our detailed scoping process ensures that we provide you with an accurate quotation for our services, which we trust you’ll find highly competitive.

Get in touch with us today and a member of our team will be in touch to provide you with a quotation. 

0

No products in the basket.

No products in the basket.