Major Data Breach Report Reveals Key Perimeter Weaknesses

The release of a major cybersecurity report—The Verizon 2019 Data Breach Investigations Report—reveals key digital perimeter weaknesses for enterprises. Critically, the C-suite constitute one of the major perimeter weaknesses enterprises must face in their endpoint security.

Indeed, hackers target high-level executives twelves times more than average employees; in addition, C-suite executives suffer social breach targeting nine times more than the regular user.

Some of the key findings on enterprise perimeter weaknesses by the Verizon 2019 Data Breach Investigations Report include:

• Ransomware constitutes almost 24% of security incidents. Verizon believes their frequency contributes to a lack of media attention.
• Cryptocurrency mining malware only accounts for 2% of cybersecurity incidents. None of this kind of attack ranked in the top 10 malware varieties.
• External threat actors contribute 69% of all breaches.
• Insider threats contribute 34% of breaches.
• Web-based email compromise using stolen credentials appear in 60% of attacks involving web application attacks.

Expert Commentary on the Verizon 2019 Data Breach Investigations Report

This report serves as one of the most critical in assessing perimeter weaknesses. Thus, experts from across the cybersecurity spectrum. They shared their thoughts on the report below.

Satya Gupta, CTO and Co-Founder at Virsec:

“The latest Verizon 2019 Data Breach Investigations Report highlights that cyberattacks are becoming much more targeted and dangerous. They noted a huge increase in C-level executives being individually targeted. The same trend is happening with specific network tools and industrial equipment. Attackers are prolific at scanning networks and finding specific types of vulnerable equipment, then targeted them with specific malware designed for these devices.

“There continues to be a temporal disconnect between the time frame for attacks versus response. The report points out that attack chains act “within minutes” while “the time to discovery is more likely to be months.” This gap must be tightened and security tools need to focus on real-time attack detection if we are to have any chance to curtail these breaches.”

Dan Tuchler, CMO at SecurityFirst:

“The Verizon report shows the ebbs and flows of different types of threat actor motivations. However, we see some ongoing trends in vulnerabilities: human and social engineering attacks including phishing, increasingly targeting C-level execs., and increased attacks on cloud-based email. These trends are not going to reverse – they are the new reality. Human behavior won’t change. Organizations have to assume that humans will click on the wrong emails, that perimeter defenses will be penetrated, and they must make sure that the critical data is secured where it is stored.”

Mickey Bresman, CEO at Semperis: 

“In the age of the cloud, the perimeter is disappearing fast. Now, we are fully dependent on identity as the only control point. Organizations adopting cloud services need to put a much higher focus on protecting identity repositories as they hold the keys to the kingdom.

“Although not always reported in the news, enterprises continue to succumb to ransomware attacks. When cybercriminals shut operations down, oftentimes the most cost-effective protocol is to quickly meet their demands. But what happens when your ransomed data can’t actually be decrypted even after you pay up? Malware variants like Wiper underscore the importance of a well-developed disaster recovery plan.”

In conclusion, you can read more about the Verizon 2019 Data Breach Investigations Report here.