Phone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Key takeaways from the 2018 Verizon Data Breach Investigations Report

Written by Joseph Carson

April 12th, 2018

The latest installment of the Verizon Data Breach Investigations Report 2018 is now available. It’s the 11th edition of the report, and not surprisingly, it reveals that hackers have continued to be very successful at using their hacking techniques (many which are well known) and we have failed to stop them.


This report is a must-read for cyber security professionals and its highly anticipated release is usually marked in the calendar.  It’s a great insight into the trends and evolution of cyber-crime and it analyses the year’s incidents to help us learn from our past mistakes and understand what we must do better in future.


With over 53,000 incidents and 2,216 confirmed data breaches cyber-crime continues to have far reaching impact and incur increased costs for businesses globally.  The report shows some interesting trends and changes in some tactics used by cyber-criminals to gain access to sensitive information or deploy malicious software.

Reported: over 53,000 incidents and 2,216 confirmed data breaches

What is obvious to me is that top-level cyber security is becoming more essential than any time in history because cyber-crime is quickly passing traditional crime in almost every country worldwide.


Technology alone can’t protect your identity or sensitive data. Hackers and other threat actors target human beings, seeking ways to trick them into giving up vital information unknowingly. They do this because it’s the easiest way to get at valuable data—the process is known as social engineering. So, it’s not surprising that exploited humans are the weakest link in the cyber security chain, and yet the best hope for preventing a cyber security disaster.

We need to get the balance between people and technology right. We have too much complexity in the cyber security industry and it’s crucial that we make it simpler and easier to use if we want people to adopt the technology we offer.  The future of cyber security lies in making it simple.

Below are my key takeaways from this year’s report:

“I would give all my fame for a pot of ale, and safety”

This leading quote from Verizon’s report is awesome and we surely can all relate to the challenge of staying safe and secure while surfing the internet.  Though no matter where we look or what news we read, cyber-crime prevails and we have no safe place.  I think we have to remember all that is good in the internet and, yes, while bad things do happen, we must embrace the internet and use it with care and responsibility.  By knowing the risks and treading carefully we will all be less likely to become victims of cyber-crime.  We should regain trust in the internet and gain a better understanding about where we get the information that we use to make critical decisions about our future.


I have found that we tend to focus more about failures, data breaches, successful hacks and financial fraud. However, no one ever talks about the times when they prevented cyber-attacks or significantly reduced the impact.  We need to hear more about how companies prevented cyber-attacks and what works.  I would definitely like to see a section in the next report that, while maybe anonymous, highlights incidents in which a company averted and prevented a cyber-attack.


Attribution is probably one of the most difficult tasks in cyber-crime which already has more challenges than most people realize, with misdirection and lack of digital footprints to help lead to the cyber-criminal.  It’s always interesting to see the report’s findings on attribution.

So let’s take a closer look:

73% of cyber-attacks where caused by outsiders, which I expected, but I would be more interested to see how much of this was done within country versus cross-border cyber-crime. A surprising number for me was that 50% of cyber-attacks were attributed to organized crime which suggests that organized crime is using hackers as a service.  12% was attributed to nation states—this surprised me quite a bit as I assumed this number was much lower. But cyber-crime and data breaches appear to be used as political weapons and for economic advantage more by nation states as it is highly likely they are going to get away with it.


Well, this remains the same as in previous years with Healthcare being the top victim with 24% of incidents. It’s followed by the Accommodation and Food Services industry with 15% and Public Sector with 14% of incidents. Surprisingly, Small Business only had 58% of incidents which I honestly expected to be higher because supply chain is a major target in today’s cyber-crime. Financial Industry seemed to drop lower, most likely due to major investment in cyber security improvements and fraud detection solutions.


This is a topic which I am always looking at—in Digital Forensics you do one of two things: you follow the money or identify the motive. This usually helps follow the attack path to find the cyber-criminal. So what are the top motives found in the report? 76% was attributed to financial followed by 13% to espionage which, combined, covered 90% of the incidents.  Espionage is likely on the increase due to political instability around the world, and of course financial is always going to be high on the list.


Ransomware continues to see more global use and financial impact.  The main change with ransomware in 2017 was that the ransom demand dropped considerably from previous years and ransomware became easily accessible as a service. This means that ransomware is now considered a commodity that no longer requires significant technical expertise.

Ransomware became easily accessible as a service

If you have a computer and an internet connection you can obtain ransomware and target a victim.  Ransomware is easily accessible to common criminals so we’ll see an increase in use.

DDoS (Distributed Denial of Service) attacks continue to cause major disruption and are often paired with other hacking techniques used for misdirection—while organizations are busy dealing with keeping their services running the cyber-criminals are carrying out a crime elsewhere on the network.

A high percentage of employees will click on a hyperlink

Employee carelessness and error still causes many incidents, and phishing is particularly common as hackers know a high percentage of employees will click on a hyperlink or open an interesting attachment, and at that point it’s game over!

Cyber-criminals and hackers persist with identity and credential theft.  In, fact, identity theft has increased in record numbers in recent years and has been the main focus of many cyber-criminals. This is because it’s much easier to steal a trusted insider’s credentials and bypass traditional cyber security controls than it is to break through the firewall.


Not surprisingly, using stolen credentials topped the list of causes for data breaches.  A common saying is “It’s easier to ask the employee for their password than try to guess it”, so social engineering continues to be a very successful tactic for hackers.  For most employees the only security protecting access is a password, and once the cyber criminal has it they can easily bypass most companies security controls.

RAM Scrapping was high up on the list used mostly to capture more sensitive data and privileges. This enables the hacker to get the information needed to go deeper and further into the network so they can carry out the malicious activity and hide their tracks.

Privilege Abuse is still a major problem for organizations who fail to implement privileged access management solutions. As a result, their employees have high-level privileges that are typically unnecessary to perform their jobs. These privileges go unmanaged and unprotected leaving the organization exposed to unnecessary risk.

Other common causes are phishing and errors likely occurring from misconfigurations.

Privileged abuse is also still a huge topic in the report, with the top motive for privilege abuse being financial. The number of credentials being stolen increased significantly compared to previous years, in line with my predictions that credentials are now the most targeted by cyber-criminals who use them to blend in with normal authorized traffic, carry out malicious activity and remain hidden with valid credentials. This stood out to me as an area that needs more attention in cyber security. Personal information theft also kept with the upward trend.


With 28% of Incidents and Data Breaches being attributed to insiders, do you know which employees you should be cautious about giving privileged access to, given that it increases the possibility of abuse?  This abuse can include walking into their next job with your organization’s sensitive data, selling your information to a competitor, and using it for financial gain or because they’re unhappy with you. The one thing about insiders is they want to ensure they get away with the criminal act, so who are top of the list likely to carry out such actions?

Insiders want to ensure they get away with the criminal act, so who’s most likely to carry out attacks from within?

Top of the list is system administrators who have been given the keys to the kingdom and therefore have access to sensitive data and can make changes on the network and to logs, thereby hiding their tracks. This is followed by end-users, but to me this is kind of a catch-all because at the end of the day isn’t everyone an end-user in some form or another? So it comes down to what level of access each one has been given to company assets.


Another major interesting reading point in Verizon’s 2018 report was what exactly hackers and cyber criminals are after.  The report highlighted that Databases, Point of Sales—both Servers and Client devices, Web Applications, Desktops and documents are the most sought-after assets being targeted in companies.


The data being stolen by cyber-criminals in data breaches are personal information, payment details, medical, credentials and internal IP.


If you’re still using email today you are more likely to become a victim of ransomware or malicious malware via a simple email message. The message contains a malicious link or attachment and all it takes is for one single employee to click on it. Phishing is usually a primary step in a cyber-attack, typically used to try and get one foot in the door so the cyber-criminal can use a stolen compromised account to carry out a much larger cyber-attack.

Phishing emails typically use 3 key methods to get the victims to trust it: Fear, Time and Impact.  Phishing emails will use those methods when the employee is most distracted by other tasks.


The annual Verizon Data Breach Investigations Report, as always, is a great read and keeps you up to date on all things that have happened in the past year, changes in techniques and the growing trends—like which industry needs to be more vigilant about certain cyber-crimes versus others.

Cyber security is quickly becoming part of everyone’s daily life and can longer be separated into personal and work life. In the past cyber-attacks were usually only a concern for the workplace though today that is no longer the situation. Today cyber-attacks are more common and affect everyone connected to the internet.

Cyber-attacks are going to be the biggest threat to every human being and business on earth and will be the trigger for future wars and political instability.

Below are my key hacker recommendations to avoid be a victim:

  • Educate all key stakeholders on the fundamentals of cyber security.
  • Take a people-centric approach to cyber security that prioritizes ease of use and is less complex.
  • Implement Multi-Factor Authentication for emails and all sensitive privileged accounts.
  • Enable encryption to protect user credentials and privacy.
  • Automate the management and security of privileged access using a privileged access management solution.

Want to hone your cyber security knowledge? Download my free Cybersecurity for Dummies eBook below:

FREE Cybersecurity for Dummies ebook

FREE Cybersecurity for Dummies ebook

Show your employees how to protect themselves and your organization


Like this post?

Get our top blog posts delivered to your inbox once a month.