    Verizon Data Breach Investigations Report Reveals Ransomware Surge

    By Sean Michael Kerner - April 27, 2017
      Verizon 2017 DBIR

      Verizon has released its 10th annual Data Breach Investigations Report (DBIR), providing insight into how cyber-attackers are exploiting organizations. Among the key trends that Verizon observed in 2016 is the growing use of ransomware, though overall, the techniques used in past years to exploit organizations are still being used.

      The 2017 DBIR report doesn’t measure everything in quite the same way as past DBIR reports, which can make some year-over-year comparisons difficult. For starters, the official press release for the 2017 DBIR states that 42,068 incidents were analyzed in the new report, of which 1,935 were breaches. In contrast, eWEEK reported last year that the 2016 DBIR report was based on an analysis of 100,000 security incidents, of which 2,260 were confirmed data breaches.

      Gabe Bassett, senior information security data scientist at Verizon Enterprise Solutions, explained that Verizon filters the data set it receives. For 2016, the actual filtered data set used by Verizon was in fact approximately 60,000 incidents—still some 20,000 more incidents than what Verizon is including in the 2017 report. There are several reasons for the lower incident count, including fewer point-of-sale and botnet-related incidents, Bassett said.

      The other big change in the 2017 DBIR report is increased detail around specific industry verticals.

      “It turns out that the attacks that target organizations can be different from industry to industry,” Bassett told eWEEK. “For example, manufacturing has the lowest median DDoS [distributed denial-of-service] attack level, but the highest level of espionage-related breaches.”

      Financial services organizations, on the other hand, are more likely than other industry verticals to have botnet-related breaches, he said. While different industries experience different types of attacks, Bassett said one thing that doesn’t change is why hackers attack any type of organization.

      “The majority of attacks are financially motivated,” he said, “with espionage representing the majority of the non-financial attacks.”

      One key takeaway from the DBIR report is that over the years the ways attackers are exploiting organizations haven’t changed much.

      “If you have read the last 10 reports, it will be obvious to you that things like phishing, malware and credential theft still work,” Bassett said. “The same attacks that worked last year worked this year.”

      The unfortunate reality of the modern threat landscape is that there are a lot of easy targets for attackers. “It’s like shooting fish in a barrel,” he said. “That’s where a security strategy can help organizations—it can move them out of the barrel.”

      One thing that has changed over time is how organizations detect breaches. In past years, third-party discovery of breaches was a growing trend, but that’s not the case in the 2017 report. Increasingly, internal resources at organizations are the first to discover breaches, which is a good trend, according to Bassett.

      “If the goal is to detect breaches faster, the internal detection rate is important,” he said.

      In past years, Verizon also looked specifically at actual vulnerabilities, but that isn’t a core focus in the 2017 report. Bassett said the actual vulnerabilities are immaterial; what’s more impactful is understanding vulnerable conditions, which he explained as being attacks like phishing.

      “This year, less than 10 percent of breaches can be attributed to any new technical vulnerability,” Bassett said. 

      In contrast, 31 percent of breaches in the 2017 DBIR across industries that have mandatory breach reporting requirements were due to some form of user error, he said.

      Verizon, like many other security vendors, did notice a significant rise in the volume of ransomware in 2016. The 2017 DBIR reports a 50 percent increase in ransomware over the 2016 report. Phishing was identified as the root cause of 43 percent of breaches analyzed in the report. Weak or stolen user credentials were a common component in 81 percent of breaches in the 2017 DBIR.

      Hope for 2017

      “The attacks that occurred last year—phishing, ransomware and credential theft—are not going away,” Bassett said. “There has been a decrease in point-of-sale attacks, and I hope that will continue.”

      Bassett expects to see more creativity in ransomware over the course of 2017 as cyber-attackers aim to generate more revenue.

      There are things that users and organizations can and should do to help limit the risk of exploitation. Bassett said that many IT security professionals have the impression that many cyber-attackers are some form of super-human elite hacker.

      “The reality is that most hackers are just going to work, with their own quotas, trying to make a buck,” he said. “You might not be able to beat the elite hacker that won the DefCon Capture the Flag competition, but you can certainly beat the attacker that is phishing your organization.”

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
