Most data breaches affect businesses with 1,000 or fewer employees, according to a recent report published by Verizon. The Verizon "2017 Data Breach Investigations Report" indicated 61 percent of data breach victims were businesses with under 1,000 employees.
In addition, the report revealed 95 percent of phishing attacks that led to a data breach were followed by some sort of software installation. It also showed 80 percent of hacking-related breaches involved the use of either stolen passwords and/or weak or guessable passwords.
Picture of Cybercrime in 2017
Verizon's 2017 Data Breach Investigations Report highlighted the collective experience of 65 organizations to provide "the full picture on cybercrime," Verizon noted.
The report examined several key questions surrounding cybercrime in 2017, including:
- Who is behind data breaches? The report indicated 75 percent of data breaches were perpetrated by outsiders, followed by internal parties (25 percent).
- What tactics are cybercriminals using? Sixty-two percent of data breaches involved hacking, and 51 percent involved malware.
- Who are the victims of data breaches? Financial services organizations (24 percent) were the top victims of data breaches, along with healthcare organizations (15 percent) and public sector organizations (12 percent).
The report illustrated various cybercrime trends as well, and these include:
- 73 percent of data breaches were financially motivated.
- 66 percent of malware was installed via malicious email attachments.
- 27 percent of data breaches were discovered by third parties.
- 21 percent of data breaches were related to espionage.
Perhaps worst of all, many organizations are using outdated cybersecurity defense systems to combat cyber threats, Verizon stated.
Tips to Combat Cyber Threats
Verizon offered the following tips to help organizations combat cyber threats:
- Be vigilant. Use log files and change management systems to identify the early warning signs of a data breach.
- Make people your first line of defense. Offer cybersecurity training to teach employees how to identify data breach warning signs.
- Keep data on a "need to know" basis. Ensure only staff members who require access to various systems to do their jobs have access to these systems.
- Patch promptly. Deploy software patches quickly and effectively to reduce the risk of cyber threats.
- Encrypt sensitive data. With encryption, organizations can "make their data next to useless if it is stolen," Verizon pointed out.
- Use two-factor authentication. Two-factor authentication limits the risk of long-lasting damage that can be done with lost or stolen credentials.
- Implement physical security measures. Physical security helps safeguard sensitive data that is not stored online.
Many data breaches are avoidable, Verizon indicated, and organizations that look beyond basic cybersecurity measures are better equipped than others to prevent data breaches both now and in the future.
"While attackers are using new tactics and tricks, their overall strategies remain relatively unchanged. Understanding them is critical to knowing how to defend your organization from cyberattacks," Verizon stated.