Data Breaches Continue to Be Financially Motivated as Detection Lags

Verizon released on April 10 the 2018 edition of its Data Breach Investigations Report (DBIR), which analyzed a filtered data set of 53,308 security incidents across multiple industries around the world. Of those security incidents, the 68-page report revealed that 2,216 were confirmed to be breaches. While the report found that there were various reasons for the breaches depending on the industry vertical, the primary motivation behind the attacks remained consistent with prior years, as Verizon once again reported that most are financially motivated. Verizon’s analysis also found that, although breaches are a known risk, 68 percent of them took months for organizations to discover. In this slide show, eWEEK takes a look at some of the highlights of the 2018 Verizon Data Breach Investigations Report.

Once again, Verizon found that the primary motive behind breaches was financial.

The Verizon report looks at both security incidents and confirmed breaches across multiple industry sectors. For the 2018 report, health care was among the most breached sectors.

According to Verizon’s analysis, 87 percent of compromises took minutes or less for attackers to gain access. In contrast, only 3 percent of breaches were discovered within minutes, while 68 percent of breaches went undiscovered for months.

While there are multiple sources for data breaches, Verizon reported that 73 percent of breaches were perpetrated by outsiders.

Any sized organization can be a victim of a data breach. However, in its 2018 report, Verizon found that that the majority (58 percent) of victims were categorized as small business.

There are multiple things that attackers go after in attacks. Verizon identified databases as one of the top assets involved in data breaches.

While the volume of security incidents and data breaches continues to be a challenge, malware incidents are not necessarily an everyday occurrence. Verizon reported that most organizations receive malware on six or fewer days per year.

When organizations do encounter malware, more often than not it is delivered via email. Verizon found that email is the most frequently used malware delivery model.