For the tenth year running, Verizon has released its annual Data Breach Investigations Report (DBIR), the most highly anticipated cybersecurity report of the year. The report is based on data from more than 42,000 security incidents and almost 2,000 breaches.
“Insights provided in the DBIR are levelling the cyber security playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyber attacks and more effectively mitigate cyber-risk.
“By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile.”
Five points to take away from the 2017 DBIR
- Cyber criminals have been targeting smaller companies. 61% of the data breach victims in this year’s report are organizations with fewer than 1,000 employees.
- People are still falling for phishing. 1 in 14 users were tricked into clicking a link or opening an attachment. 25% of those went on to be deceived more than once.
- Ransomware is becoming more prevalent. 51% of data breaches analyzed in the DBIR involved malware. In the 2014 DBIR, ransomware was only the twenty-second most common form of malware. This year it has jumped up to fifth place.
- 80% of hacking-related breaches used stolen and/or weak passwords. Social engineering is becoming more and more common as a way for cyber criminals to hack their way into an organization and, unfortunately, far too many organizations are making it easy for them.
- Many organizations rely on out-of-date defenses. It’s important to know which threats organizations like yours may face so that you can take the necessary steps to defend against them. Take a look at the executive summary for a handy guide to the threats typical to each industry.
Companies need to have an effective cybersecurity management framework
The report’s findings stress how important it is to have an effective cybersecurity management framework in place to protect staff, processes, technology and assets.
Having a cybersecurity management framework that is aligned to the international cybersecurity standard ISO 27001 will help you manage and control the risks associated with data breaches, and help you build strong defenses to combat all of the scenarios highlighted. ISO 27001 is applicable to all organizations irrespective of their size, type, or nature.
Take a free trial of our ISO 27001 Cybersecurity Documentation Toolkit to help you fulfil your cybersecurity obligations. Covering state, federal, and international cybersecurity frameworks, this toolkit contains a set of customizable documentation templates that will enable you to produce a robust management system aligned with international information security best practice.