2020 Verizon data breach investigations report: Summary and key findings for security professionals
The Verizon Data Breach Investigations Report, or the Verizon Data Breach Report, is an annual report intended for information security professionals. It summarizes 3,950 confirmed data breaches and is a collection of work from 81 contributors spanning 81 countries and has grown more than a little bit since last year’s twelfth edition.
Navigating this year’s Verizon Data Breach Report may be a bit confusing, as its format has changed. Fortunately, this article will do the legwork for you! It will offer a summary of the Verizon Data Breach Report as well as key findings that information security professionals can use as a sort of road map to use for how the information security landscape will look in the year to come.
Summary of the Verizon data breach report
The summary of the Verizon Data Breach Report provides a top-level view of what you should take away from it, based upon four general questions. Each question yields more information than you may think and provides a solid starting point for the key findings to come.
What tactics are utilized?
- 45% of breaches involved hacking
- 22% of attacks included social attacks
- 22% involved malware
- 17% of breaches featured errors which were causal events
- 8% of breaches were caused my authorized user misuse
- 4% of breaches involved physical actions
Who’s behind the breaches?
- 70% of breaches were perpetrated by external actors
- 55% of breaches were caused by organized criminal groups
- 30% of breaches were perpetrated by internal actors
- 4% of breaches had four or more attack actions
- 1% involved partner actors
- 1% involved multiple parties
Who are the victims?
- 81% of breaches were discovered in a matter of days or less
- 72% of breaches involved large business victims
- 58% of victims had their personal data compromised
- 28% of breach victims were small businesses
What are the other commonalities?
- 86% of breaches were financially motivated
- 43% of breaches involved web applications
- 37% breaches involved stolen or used credentials
- 27% of malware incidents were ransomware
- 22% of breaches involved phishing
2020 Verizon data breach report key findings
As previous editions have proven, the Verizon Data Breach Report is packed with useful information about the state of affairs of information security. The 2020 edition is no exception. Here are the key findings.
The origin of breaches
When many think of where data breaches come from, they probably conjure images of cybercriminals with hygiene issues sitting in a basement of some dingy building halfway around the world. In reality, attacks normally have a much more domestic origin.
- 85% of attackers and their victims live in the same country
- 56% live in the same state
- 35% live in the same city
Cost of a data breach
The cost of a data breach to an organization is probably tossed around conference rooms in organizations across the nation. However, it is something that most information security professionals may not focus on. For organizations, including corporate enterprises, the most commonly reported cost of a breach was $32,200; this is an increase from $29,300, which was the most commonly reported cost in 2019. This figure may seem substantial to some, but at the cost of a used car, it could definitely be worse.
Steps count
The number of steps attackers need to take to carry out malicious actions affects the willingness of them to attack. What this means is that attackers are far less likely to take any more steps than is absolutely necessary to carry out attack-related actions. For example, the Verizon Data Breach Report found that where there were 200 breaches where attackers took one step to accomplish an action. This number was nearly cut in half when just one extra step was added.
The allure of quick monetization
PoS (Point of Sale) breaches followed the general trend established in recent years of a scale down. While this was noticed in last year’s Verizon Data Breach Report, the past year has allowed contributors to connect this reduction to monetization. It takes more time and effort to wage a malware-based campaign when infecting targets with ransomware can be a faster option.
DDoS’ing the competition
A helpful aspect of the Verizon Data Breach Report is that it separates the report (in part) based upon industry. The Arts, Entertainment and Recreation sector has received the most DDoS-based attacks, and this has been attributed to online gambling entities. DDoSing competitors is commonplace for online gambling entities, which has driven this trend.
User error
A general finding across nearly all industries is the rise of miscellaneous errors as part of data breaches. This has been called the frenemy of information security. Among the most commonly reported errors is that of misconfiguration, which basically means the system administrator was not careful enough to properly secure databases and cloud storage containers. As the Verizon Data Breach Report commented: “Good security practices? Ain’t nobody got time for that!”
How well do you know your region?
2020 was the first year that the Verizon Data Breach Report divided the world up into regions for a deeper analysis of their findings. In terms of how things went in North America, hacking using stolen credentials was the top attack seen, along with social engineering attacks that encourage the use of said stolen credentials coming in second place. As in other places in the world this year, errors are commonplace in North America, with misdelivery and misconfiguration being the top two errors seen.
Hands-on threat intel training
Conclusion
The Verizon Data Breach Report for 2020 was an information-packed and insightful look into the information security landscape across different industries. Many of the trends from 2019, including a continued reduction in PoS attacks, continued into 2020 and set the pace for the year.
The report had too much information to pack into this article so make sure you take a look at it for yourself.
Source
The 2020 Verizon Data Breach Investigation Report, Verizon DBIR 2020
In this Series
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- What does dark web monitoring really do?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- Common causes of large breaches (Q1 2019)
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
- Past and Present Iran-linked Cyber-Espionage Operations
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Threat Intelligence
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage