
The Lockdown

Thycotic’s Cyber Security Blog

Surprising Takeaways from the 2017 Verizon Data Breach Investigations Report

Written by Joseph Carson

May 3rd, 2017

2016 was a major year for cyber-crime and disruption, with many significant data breaches (the presidential elections), Distributed Denial of Service (DDoS) attacks using a botnet of Internet of Things (IoT) devices, and the biggest data disclosure to date, twice, with Yahoo.

This is now the 10th version of the Verizon Data Breach Investigations Report and one common trend is that data breaches are growing with cyber-crime and are now part of everyday life. A big question is: has cyber-crime been influenced by the divide of opinion or has the divide of opinion been influenced by cyber-crime? Only time will tell.

For years, it was hard to determine real-world metrics in cyber-crime, with many incidents going unreported or undisclosed. If you are not measuring anything, of course, it always looks good, but the report tears away the covers to reveal the underlying truth. It highlights the ugly side of cyber security, the trends, and the lack of proactive action. It is not all doom and gloom: these are lessons learned from the transparency of real cyber breaches, to help the world change its mindset and act upon them.

What did we learn from this report? Well, the actors remained the same, with external attackers representing 75% of breaches, 25% from internal actors, 18% by nation states, and 51% from organized crime. I guess the surprise for me was the number of attacks attributed to nation states. This means offensive cyber-attacks and espionage are becoming the new political playground. Another surprise was that only 2% involved partners, which I honestly thought would be higher due to the risks in the supply chain.

A major highlight in the report is the techniques used: a whopping 81% of breaches used stolen/weak passwords, 43% used social techniques, and 51% used malware. It appears social networks are a major weakness in security, ultimately leading to exposure of stolen/weak passwords and finally to malware payloads being dropped. To me, these techniques are typically combined or part of multiple stages.

The victims continued to be the same with financial, healthcare, public, government, retail, and accommodation being the most targeted by cyber-crime. Education got off a bit lightly this time around. Email continues to be the weapon of choice and financial motivation continues to be the main reason for cyber-crime. The surprise for me was that only 27% of the breaches were discovered by third parties, meaning companies are getting better at detecting breaches.

Privilege abuse was a huge topic in the report, with the motives being either fun/grudges or financial motivation. There was a large increase in the number of credentials stolen in 2016 compared to previous years, in line with my prediction that credentials are now the most targeted by cyber criminals, who use those credentials to blend in with normal authorized traffic, carry out malicious activity, and remain hidden. This was highlighted and for me is an area that needs more attention in cyber security. Personal information theft also kept to the upward trend.

A common quote from the report was, “Privilege misuse represents 96% of all data breaches within Accommodation”. This was again echoed in healthcare, manufacturing, and the public sector and is a major industry problem that needs to be addressed. Privilege misuse was 3rd in breaches, just behind Web App attacks and Cyber Espionage, and 2nd in incidents, just behind Denial of Service.

We’ve always talked about breach dwell-time usually being months and sometimes years. The biggest factor contributing to breach dwell-time is usually privileged account abuse, with external attackers masquerading as privileged users. This means that breach dwell-time can be directly related to privileged accounts.

Now with passwords, “Again, if you are relying on username/email address and password, you are rolling the dice as far as password re-usage from other breaches or malware on your customers’ devices are concerned.” Another great quote in the report is, “Don’t use default passwords as doing so makes criminals’ lives much easier.”

Our job in cyber security is to make the life of cyber criminals more difficult and to protect the employees and business from cyber threats. A great quote is, “If a username and password is the only barrier to escalating privilege or compromising the next device, you have not done enough to stop these actors.”

This report once again brings great visibility into the ugly truth of the state of cyber security. The threat landscape is changing; cybercriminals’ techniques are evolving and becoming more effective. We continue to see many cyber breaches. If we look at why many of the cyber breaches in the past year have occurred, it comes down to three major factors which can be categorized as the human factor: identities, credentials, and vulnerabilities. We must do a better job at protecting and securing privileged accounts both from external attackers and privileged insiders.




In today’s digital social society, we are sharing more information, ultimately exposing ourselves more to social engineering and targeted spear phishing attacks with the ultimate goal of compromising our systems for financial fraud, or stealing our identities in order to access the company we are entrusted with protecting. The perimeter has moved and we need to move with it.

Read the full Verizon 2017 Data Breach Investigations Report here. And if you want to learn how to protect and secure privileged accounts, download our free eBook, Privileged Account Management for Dummies.