2020 Data Breach Investigations Report (presentation transcript, 2020-08-14)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
2020 Data Breach Investigations Report
Philippe Langlois, DBIR Author
Proprietary Statement
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service.
This document and any attached materials are not to be disseminated, distributed or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
© 2020 Verizon. All rights reserved. The Verizon name and logo and all other names, logos and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries.
All other trademarks and service marks are the property of their respective owners.
DBIR Authors
What’s New – 2020 DBIR in numbers
• 13 years
• 81 countries
• 81 contributors
• 3,950 data breaches
• 32,002 incidents
Industry vertical segments
• Accommodation and Food Services (NAICS 72)
• Arts, Entertainment and Recreation (NAICS 71)
• Construction (NAICS 23)
• Educational Services (NAICS 61)
• Financial and Insurance (NAICS 52)
• Healthcare (NAICS 62)
• Information (NAICS 51)
• Manufacturing (NAICS 31-33)
• Mining, Quarrying, Oil & Gas Extraction + Utilities (NAICS 21 + NAICS 22)
• Other Services (NAICS 81)
• Professional, Scientific, and Technical Services (NAICS 54)
• Public Administration (NAICS 92)
• Real Estate and Rental and Leasing (NAICS 53)
• Retail (NAICS 44-45)
• Transportation and Warehousing (NAICS 48-49)
What’s New – Increase in vertical coverage
Regional segments
• Northern America (NA)
• Europe, Middle East and Africa (EMEA)
• Asia Pacific (APAC)
• Latin America and The Caribbean (LAC)
SMB focused segment
• Comparing and contrasting with breaches on large companies
Map of external standards into VERIS
• MITRE ATT&CK Framework
• CIS Critical Security Controls (CSC)
Key Insights – Incidents | Breaches per Pattern
In the 2020 report, 85% of security incidents and 78% of confirmed data breaches continue to fall into the 2014 patterns.
Growth of phishing-based incidents has been responsible for the growth of the “Everything Else” pattern.
Key Insights – The times, they aren’t a’changing
Credential theft, social attacks (i.e., phishing and business email compromise), and errors cause the majority of breaches (67% or more).
DBIR data continues to show that external actors are—and always have been—more common. In fact, 70% of breaches this year were caused by outsiders.
Espionage gets the headlines but accounts for just 10% of breaches in this year’s data. The majority (86% of breaches) continue to be financially motivated. Advanced threats—which also get lots of buzz—represent only 4% of breaches.
Key Insights – Do as I say, not as I do
This year’s DBIR saw a high number of internal error-related breaches (881, versus last year’s 424).
This increase is likely due to improved reporting (6x increase in Security Research disclosure from 2019), not insiders making more frequent mistakes.
Key Insights – Up close and personal data
Personal data is getting swiped more often—or those thefts are being reported more often due to disclosure regulations.
Personal data was involved in 58% of breaches, nearly twice the percentage in last year’s data. This includes email addresses, names, phone numbers, physical addresses and other types of data that one might find hiding in an email or stored in a misconfigured database.
Key Insights
Ransomware is everywhere.
Ransomware now accounts for 27% of malware incidents, and 18% of organizations blocked at least one piece of ransomware. No organization can afford to ignore it.
Oh, what a tangled web application.
Attacks on web apps were a part of 43% of breaches, more than double the results from last year. As workflows move to cloud services, it makes sense for attackers to follow.
Key Insights – Good news? In my infosec?
Block party
Security tools are getting better at blocking common malware.
The DBIR data shows that Trojan-type malware peaked at just under 50% of all breaches in 2016 and has since dropped to just 6.5%.
Malware sampling indicates that 45% of malware is either droppers, backdoors or keyloggers. Although this kind of threat is still plentiful, much of it is being blocked successfully.
Patch things up
Less than 5% of breaches involved exploitation of a vulnerability and only 2.5% of security information and event management (SIEM) events involved exploiting a vulnerability.
This finding suggests that most organizations are doing a good job at patching—so keep it up.
Key Insights – Path-based Attacks
Key Insights – Path-based Attacks
Most of the successful attacks are short, likely because it is both cheaper and easier for the attacker (or the breach is simply due to a single error) ... and more successful.
Key Insights – Path-based Attacks
For attack paths, the 'malware' threat action variety usually doesn't begin a breach (it is normally a second or later step in the compromise).
Also, breaches rarely end with a 'social' action (so if you see a social attack, you can expect more to follow).
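The path-based findings above come from ordering the VERIS action categories observed in each breach and looking at where each category tends to sit in the sequence. The following is an added example, not code from the report or from Verizon, that runs that kind of positional analysis over a small constructed set of breach paths (hypothetical records, not DBIR data): path-length distribution, the share of short paths, how often an action opens or closes a path, and what typically follows a given action. The function names and the sample paths are assumptions made for the example.

```python
from collections import Counter
from typing import Dict, List, Sequence

# Constructed sample of breach "attack paths": each entry is the ordered list
# of VERIS action categories observed in one breach. These are hypothetical
# records made up for this example, not DBIR data.
SAMPLE_PATHS: List[List[str]] = [
    ["error"],
    ["error"],
    ["hacking"],
    ["social", "hacking"],
    ["social", "malware"],
    ["social", "malware", "hacking"],
    ["hacking", "malware"],
    ["social", "hacking", "malware", "hacking"],
    ["misuse"],
    ["hacking", "malware", "hacking", "hacking", "malware"],
]


def path_length_distribution(paths: Sequence[Sequence[str]]) -> Dict[int, int]:
    """Count how many breaches have each number of steps."""
    return dict(Counter(len(p) for p in paths))


def short_path_share(paths: Sequence[Sequence[str]], max_steps: int = 2) -> float:
    """Share of breaches whose path has at most `max_steps` actions."""
    if not paths:
        return 0.0
    return sum(1 for p in paths if len(p) <= max_steps) / len(paths)


def position_stats(paths: Sequence[Sequence[str]], action: str) -> Dict[str, float]:
    """Of the paths containing `action`, the share where it is the first step
    and the share where it is the last step."""
    containing = [p for p in paths if action in p]
    n = len(containing)
    if n == 0:
        return {"paths_with_action": 0, "first_share": 0.0, "last_share": 0.0}
    first = sum(1 for p in containing if p[0] == action)
    last = sum(1 for p in containing if p[-1] == action)
    return {"paths_with_action": n, "first_share": first / n, "last_share": last / n}


def next_step_after(paths: Sequence[Sequence[str]], action: str) -> Dict[str, int]:
    """Count which action follows `action` wherever it is not the last step.
    A path that ends with `action` contributes nothing for that occurrence."""
    following: Counter = Counter()
    for p in paths:
        for cur, nxt in zip(p, p[1:]):
            if cur == action:
                following[nxt] += 1
    return dict(following)


if __name__ == "__main__":
    print("path lengths:", path_length_distribution(SAMPLE_PATHS))
    print("share of paths with <= 2 steps:", short_path_share(SAMPLE_PATHS))
    for act in ("malware", "social"):
        print(act, position_stats(SAMPLE_PATHS, act), "followed by", next_step_after(SAMPLE_PATHS, act))
```

On the constructed sample, malware never opens a path and social never closes one, which is the shape of the two findings quoted above; on real data the same functions give the actual shares rather than these illustrative ones.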
Industry vertical segments
Educational Services
Financial and Insurance
Healthcare
Public Administration
Retail
SMB vs Large Organizations
COVID-Update
• Carelessness, limited staffing and a rush to adopting new technologies and processes may result in an increase in error-based breaches
• Phishing and stolen credentials will continue as organizations are moved to SaaS applications
• Ransomware likely to rise as criminals are embracing new techniques and tactics to monetize their access
What’s New – VERIS Common Attack Framework (VCAF)
What’s New – CIS Control Recommendations
Key Insights – Controls to prioritize