Verizon: Human Error the Main Cause of Security Incidents

The Verizon 2016 Data Breach Investigations Report was released this week. The biggest cause of security incidents over the past 12 months has been what Verizon calls “miscellaneous errors,” a category which includes misconfigured IT systems, improper disposal of company data, lost and stolen devices and email errors. In the case of the latter, 26% of breaches were caused by individuals emailing data to incorrect individuals.

Weak passwords continue to cause organizations problems. 63% of confirmed data breaches were attributed to either poor passwords, default login credentials that had not been changed, or the use of stolen login credentials.

Cyberattacks are often made possible due to the failure to install patches promptly. In the majority of cases, hackers exploit vulnerabilities that have existed for months, even though patches have been made available. Verizon reports that 85% of successful exploits of took advantage of the top 10 known vulnerabilities.

The biggest cause of data breaches this year is web application attacks, which have increased by 33% since the 2015 report. Verizon confirmed that organizations are still failing to implement industry best practices and adopt basic security defenses. The security of IoT devices may be a cause for concern for the future, but so far criminals have failed to exploit IoT vulnerabilities to any significant degree.

Phishing and Ransomware Increasingly Used to Attack Organizations

Verizon’s figures confirm that attackers are increasingly using ransomware to attack organizations. Use of the file-encrypting malware has increased 16% since the 2015 report was released.

One of the biggest growth areas is phishing. Phishing has previously been predominantly associated with nation-state attacks; however, more criminals are now using the technique to steal data, install malware, and conduct ransomware attacks. Verizon reports that 95% of all security breaches fall into 9 patterns and phishing has now spread to seven of those.

The rise in popularity of phishing is due to the effectiveness of the technique and the speed at which access to networks can be gained. Attackers can gain access to systems within just a few minutes of sending phishing emails. The technique can also be used to target specific individuals such as heads of finance and high level executives who have access to corporate bank accounts.

Phishing is also being used as part of three-pronged attacks on organizations. Rather than sending infected email attachments, attackers send a link to a malicious website. Clicking the link results in the downloading of malware which allows the attackers to gain a foothold.

Keyloggers are downloaded which allows attackers to obtain login credentials and stolen credentials are used to make fraudulent bank transfers or log on to third party websites.

One of the biggest concerns is the speed at which attacks are now taking place. Attackers can gain access to systems in minutes, with the average time to exfiltrate data calculated by Verizon to be around 28 minutes. Unfortunately, it is still taking days, weeks, or months for organizations to discover their systems have been breached and data stolen.

In the majority of cases basic security measures can prevent the majority of security incidents. As pointed out by Verizon Enterprise Solutions’ executive director of global security services Bryan Sartin, “This year’s report once again demonstrates that there is no such thing as an impenetrable system, but often times even a basic defense will deter cybercriminals who will move on to look for an easier target.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.