Verizon’s annual report investigating data breach information finds that phishing—which it defines as malicious correspondence involving a link or attachment to install malware on the victim’s computer or system—is still the most successful form of cyberattack. This year, the report analyzed data from almost 100,000 security incidents and more than 3,000 data breaches in 82 countries. The report found that the majority of breaches are from external actors with a financial motive.
Other report highlights include the following:
- Consistency is key in patching software vulnerabilities. The median amount of time between a vulnerability being published and an exploitation of such vulnerability occurring is 30 days—indicating that broad coverage may be more important than speed in the implementation of software patches. The report makes recommendations for developing an approach to remediating vulnerabilities, including focusing on the top vulnerabilities followed by vulnerabilities with known exploits, as well as identifying other risk mitigation strategies for those vulnerabilities that do not have, or cannot receive, a patch.
- Employee awareness is important, but so are other defenses. The report states that 30% of phishing messages were opened, and the malicious attachment or link was clicked in 12% of the opened emails. Due to the success of these phishing cyberattacks, Verizon cites employee awareness as a critical prevention method. However, the report also identifies important defenses for after a malicious attachment or link has been clicked. According to the report, organizations should have a prominent and easily accessible way to report a phishing email, consistently test their email filtering systems, and monitor outbound traffic for suspicious connections and exfiltration of data. Lastly, the report suggests that organizations can protect their networks from compromised desktops and laptops by segmenting the networks and implementing strong authentications between user networks and important information.
- Organizations may want to consider requiring stronger credentials. The report also found that 63% of confirmed data breaches involved weak, default, or stolen passwords. Password exploitation occurred across multiple breach patterns, including targeted attacks and malware infections. Although multifactor authentication is difficult to implement, the results of this investigation seem to suggest that organizations may want to consider implementing multifactor authentication for critical access points.