Attackers Are Motivated: A Verizon Study Shows That Cyber Threats Are Adapting Along With Online Behavior

| Ryan W. McBrideMichael Friedland

41,686. That is the number of security incidents a recent Verizon study tracked across 86 countries and 73 data sources, as experts work to identify patterns in data breach incidents to help companies better prepare for the next cyber-attack. Knobbe Martens partner Susan Natland, along with James Bikoff, from Smith, Gambrell, & Russell, LLP, and Nicole DelleDonne of Brandsight, Inc., partnered with IBM to analyze this study and extract practical tips for businesses on mitigating damages after a data breach.

Some of the study’s findings confirm what businesses have been told for years: discovery and containment of a data breach takes months, but having a security response plan in place reduces containment time and information loss. Hacking, malware, and social media are still the most common threat actions used to carry out attacks. The report also contained some good news: employees and customers have become more aware of phishing threats.

The study also provides concrete statistics regarding how often attacks occur, how they are most often carried out, and what industries are most at risk.

At a glance:

  • Even though approximately 1/3 of all breaches still involve phishing, the effectiveness of these attacks is dwindling as click rates of phishing links decreases. Click-through rates from data partners fell from 24% to 3% between 2012 and 2019. Employees are also increasingly aware of the need to quickly report when they accidentally click on a phishing link.
  • Ransomware was responsible for approximately 1/4 of all security incidents in 2018. This continues to be a significant threat across all industries.
  • Small businesses accounted for 43% of all data breach victims, with public sector entities (15%), healthcare organizations (15%), and financial services companies (10%) also experiencing a significant number of attacks.
  • 69% of all attacks are committed by outsiders.
  • C-level executives are twelve times more likely to be the target of a social incident (which accounts for 33% of attacks overall) and nine times more likely to experience this type of attack than they were in years past. This type of attack seems to be on the rise across all industries.

The report concludes that the most important tool in reducing the risk of a security incident is the security response team’s knowledge of the current risks. Since 2014, there have been nine incident patterns that comprise the majority of incidents and breaches. In fact, 98% of security incidents and 88% of data breaches continue to occur within one of the nine patterns.

By combining these known patterns with an awareness of the specific threats most common in your industry, you can significantly reduce your risk of a security incident and be better prepared if your business does fall victim to one.

Full report:

IBM article:

Editor: Arsen Kourinian