Verizon has published its annual Data Breach Investigations Report. The document dissects data breach statistics collected last year and provides insight into the methods hackers use to cripple corporate networks and slow or permanently halt business operations. The telecommunications firm found evidence of more than 42,000 attacks and roughly 1,900 full-blown breaches in 2016, over 800 of which investigators confirmed via mandatory breach information disclosures.
Understanding Attackers
Approximately 99 percent of the attacks, successful and otherwise, originated from external sources, according to the report. These findings fall in line with other data on the subject, as most intruders have no prior relationship with their targets. Even so, many organizations underestimate internal threats, Harvard Business Review reported. While some with legitimate system credentials seek to do harm for personal gain or out of malice, a majority of insider-caused breaches come as the result of negligence. Sometimes employees unknowingly send confidential material to incorrect email addresses or store work data on insecure home systems infiltrated by hackers. No matter how innocent, these acts compromise system security and can cause just as much damage as the work of an external actor.
Looking For Motive
The security team at Verizon evaluated attacker motives as well. Financial gain was far and away the most common reason, with more than 70 percent of hackers breaking into backend systems solely for the profit. Espionage was the second most common motive, as one-quarter of attackers sought to gain secrets of some sort. Surprisingly, an estimated 90 percent of these digital infiltrations are suspected are believed to be state-sponsored. Troublemakers and so-called hacktivists made their mark last year, accounting for 5 percent of attacks.
Analyzing Tactics
Hacking was the most commonly used technique, as nefarious programmers carried out more than 61 percent of recorded digital assaults. Of these attacks, over 80 percent involved stolen login credentials. This figure marked an 18 percent rise in password-related intrusions compared to data collected in 2016, indicating that enterprise password security continues to worsen despite the availability of viable credential security techniques. Why? Some experts blame the shear volume of online accounts individuals must now juggle. The password management company Dashlane evaluated data from over 20,000 users in 2015 and found that most managed more than 90 different accounts, on average. This obviously requires the creation of as many credentials, which leads password to apathy. Unfortunately, this issue may only get worse, as Dashlane projects that the average internet user will have as many as 180 accounts by 2020.
"Verizon found evidence of more than 42,000 attacks and roughly 1,900 full-blown breaches in 2016."
More than half of the attacks covered in the Verizon report involved malware, a hot topic within the data security community. This pernicious software has made it into the mainstream, as businesses and personal computer users reckon with common subtypes like ransomware, which has received considerable attention in recent years. Hackers use these nefarious programs to enter private networks, obtain sensitive files and hold them for ransom. Of course, these schemes can cripple organizations, as mission-critical applications come to halt and operations cease. Again, this problem is expected to worsen in the foreseeable future. Ransomware usage increased by 267 percent in 2016, according to research from the data security firm Malwarebytes.
Verizon found that 43 percent of the attacks executed last year occurred during social interactions, mostly over email. Phishing messages and corrupt attachments were the most common vectors in these situations.
Identifying victims
Hackers targeted organizations across virtually all sectors. Of course, financial institutions bore the brunt of most offensives, accounting for one-quarter of the impacted businesses. Accommodation, health care and retail enterprises represented roughly 30 percent of reported breach victims in 2016. Public entities were the least likely to be attacked, according to Verizon. These organizations were involved in roughly 12 percent of attacks.
These data demonstrate the great need for improved enterprise security. From simple office tools like email clients to mission-critical applications, businesses of all sizes must secure their digital assets to avoid earning a place on this report. How? Before looking into advanced date security solutions, enterprises must shore up their existing systems and look for new software that can stand tall in the face of hackers and other nefarious outside actors looking for server access. This brand of IT modernization may sound expensive and risky to some but maintaining outdated easy-to-penetrate platforms can put an even larger dent in the budget.
Here at Inventu, we ease the IT modernization journey with the Flynet Viewer, a screen integration solution that allows developers to build advanced, secure applications and employer and staff expectations in a way that feels both familiar and simple. Are you ready to buttress your backend security by modernizing your systems? Review our product page to learn more about the Inventu Flynet Viewer and the other solutions in our product portfolio.